Provenance-based intrusion detection

In today’s digital landscape, the complexity and severity of cyberattacks are constantly growing, and it is reaching a point where it poses significant challenges to the intrusion detection systems that are currently being used. These systems are becoming less effective in recognising and mitigating...

Bibliographic Details
Main Author: Ong, Benjamin Chee Meng
Other Authors: Ke Yiping, Kelly
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2024
Subjects:
Online Access: https://hdl.handle.net/10356/175514
Institution: Nanyang Technological University
id sg-ntu-dr.10356-175514
record_format dspace
spelling sg-ntu-dr.10356-175514; 2024-04-26T15:45:29Z; Provenance-based intrusion detection; Ong, Benjamin Chee Meng; Ke Yiping, Kelly; School of Computer Science and Engineering; ypke@ntu.edu.sg; Computer and Information Science; Bachelor's degree; 2024-04-26T01:52:34Z; 2024-04-26T01:52:34Z; 2024; Final Year Project (FYP); Ong, B. C. M. (2024). Provenance-based intrusion detection. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/175514; en; SCSE23-0397; application/pdf; Nanyang Technological University
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Computer and Information Science
description In today’s digital landscape, the complexity and severity of cyberattacks are constantly growing, and it is reaching a point where it poses significant challenges to the intrusion detection systems that are currently being used. These systems are becoming less effective in recognising and mitigating sophisticated threats. This includes zero-day exploits and Advanced Persistent Threats (APTs). In order to surmount this challenge, more reliable and innovative ways to detect these intrusions and threats are needed. One such promising approach is to utilise provenance data, specifically provenance graphs, as a data source for the intrusion detection framework. Data provenance represents information flow between system entities as a Directed Acyclic Graph (DAG). In the context of using data provenance for an intrusion detection system, the provenance graph generated will have system entities represented as nodes, and system operations represented as directed edges. As a result, the graph that is generated will provide a comprehensive overview of activities happening within a system, tracking all the actions of every user. This makes it a valuable and informative data source to be used in an intrusion detection system. This project aims to capitalise on the potential of provenance graphs for intrusion detection. By running simulations of cyber attacks on an operating system with a provenance capture tool, extensive datasets of provenance graphs can be generated. These graphs will then be used to train and validate graph-based models. Lastly, the model will be evaluated to determine the effectiveness of using provenance-based intrusion detection based on various metrics commonly used to measure the performance of neural network models.
author2 Ke Yiping, Kelly
format Final Year Project
author Ong, Benjamin Chee Meng
title Provenance-based intrusion detection
publisher Nanyang Technological University
publishDate 2024
url https://hdl.handle.net/10356/175514
_version_ 1806059801492324352