Provenance-based intrusion detection

In today’s digital landscape, the complexity and severity of cyberattacks are constantly growing, and it is reaching a point where it poses significant challenges to the intrusion detection systems that are currently being used. These systems are becoming less effective in recognising and mitigating...

全面介紹

Saved in:
書目詳細資料
主要作者: Ong, Benjamin Chee Meng
其他作者: Ke Yiping, Kelly
格式: Final Year Project
語言:English
出版: Nanyang Technological University 2024
主題:
在線閱讀:https://hdl.handle.net/10356/175514
標簽: 添加標簽
沒有標簽, 成為第一個標記此記錄!
實物特徵
總結:In today’s digital landscape, the complexity and severity of cyberattacks are constantly growing, and it is reaching a point where it poses significant challenges to the intrusion detection systems that are currently being used. These systems are becoming less effective in recognising and mitigating sophisticated threats. This includes zero-day exploits and Advanced Persistent Threats (APTs). In order to surmount this challenge, more reliable and innovative ways to detect these intrusion and threats are needed. One of such promising approaches is to utilise provenance data, specifically provenance graphs, as a data source for the intrusion detection framework. Data provenance represents information flow between system entities as a Direct Acyclic Graph (DAG). In the context of using data provenance for an intrusion detection system, the provenance graph generated will have system entities represented as nodes, and system operations represented as directed edges. As a result, the graph that is generated will provide a comprehensive overview of activities happening within a system, tracking all the actions of every user. This makes it a valuable and informative data source to be used in an intrusion detection system. This project aims to capitalise on the potential of provenance graphs for intrusion detection. By running simulations of cyber attacks on an operating system with a provenance capture tool, extensive datasets of provenance graphs can be generated. These graphs will then be used to train and validate graph-based models. Lastly, the model will be evaluated to determine the effectiveness of using provenance based intrusion detection based on various metrics commonly used to measure the performance of neural network models.