Malware detection with open source security information and event management (OSSIM)
The digital age has ushered in a golden era of innovation and connectivity. However, this interconnectedness has also created a breeding ground for cyber threats. Malicious actors are constantly developing new attack vectors, exploiting vulnerabilities, and breaching security perimeters. Traditional security solutions often struggle to keep pace with this ever-evolving threat landscape. In addition, modern organizations rely on complex IT infrastructure with multiple endpoints and applications. Enterprises increasingly need robust network security analysis systems in the face of growing cyber threats.

This final year project tackles the critical need for improved threat detection and response by developing and implementing a Security Information and Event Management (SIEM) system built on open-source tools. Wazuh, a comprehensive security monitoring and analysis platform, forms the core of this system.

Wazuh consists of three key components: Wazuh-Indexer, Wazuh-Manager, and Wazuh-Dashboard. Working together, they provide a data collection, analysis, and visualization engine. Wazuh-Indexer acts as the central hub, collecting security logs from various sources such as operating systems, network devices, and applications. Wazuh-Manager then analyses these indexed logs in real time, identifying potential threats. Finally, Wazuh-Dashboard serves as the user interface, offering security personnel a centralized view of security events, alerts, and overall system health.

Beyond Wazuh, the project leverages ElasticSearch for efficient log search, TheHive for managing security incidents and cases, and VirusTotal integration for multi-engine threat analysis. Additionally, Cassandra offers potential high-availability storage for specific datasets, while Shuffle facilitates data sharing, automation, and collaboration between these services. The successful implementation of this project will provide organizations with a cost-effective and effective security information and event management system, enhancing their overall security posture and mitigating cyber threats.

Saved in:

Main Author: | Loh, Yi Hong
---|---
Other Authors: | Cheng Tee Hiang (School of Electrical and Electronic Engineering, ETHCHENG@ntu.edu.sg)
Format: | Final Year Project (FYP)
Degree: | Bachelor's degree
Language: | English
Published: | Nanyang Technological University, 2024
Subjects: | Computer and Information Science; SIEM; Malware
Online Access: | https://hdl.handle.net/10356/177214
File format: | application/pdf
Institution: | Nanyang Technological University
Collection: | DR-NTU (NTU Library, Singapore)
Record ID: | sg-ntu-dr.10356-177214
Record format: | dspace
Record dates: | 2024-05-27T01:29:57Z (added); 2024-05-31T15:44:36Z (record updated)
Citation: | Loh, Y. H. (2024). Malware detection with open source security information and event management (OSSIM). Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/177214