Towards a security provenance based framework on analyzing root cause of enterprise network security incidents

Modern enterprise infrastructures are composed of many heterogeneous systems (e.g., routers and hosts) that operate a variety of services (e.g., web and email). This diversity and heterogeneity make it very hard for network administrators to track and monitor sophisticated attack attempts, such as APTs that combine multiple attack vectors. To overcome this challenge (i.e., to give network operators a clear view of such attack attempts), we introduce the concept of security provenance, which allows the root cause of a security incident to be discovered effectively. Based on this concept, we build a prototype implementation of SecTracer, a new security analysis framework. SecTracer makes three key contributions: (i) comprehensive and efficient forensic data collection in a dynamic network environment, (ii) attack history reconstruction that delivers a blueprint of the cyber-crime, and (iii) active attack prediction by leveraging graph-based relational learning. In addition, we demonstrate its effectiveness and efficiency by showing its analysis capabilities on a simulated real-world APT attack scenario in an enterprise network.
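The abstract does not describe SecTracer's data model, so the following is an added illustration, not the thesis's code, of the two ideas it names: a provenance graph over events from several sensors, and backward tracing from an alerted entity to the root cause of the incident. The event schema, the relation names, the host names (host-A, host-B) and the sample events are all constructed for this example; the time-bounded backward search is the classic dependency-tracking approach (an edge counts only if it was observed before the entity it feeds passed its influence onward), not a claim about how SecTracer works.

```python
"""Added illustration: a minimal security-provenance graph built from
constructed host events, with time-bounded backward tracing from an
alerted entity to its root causes.  This is NOT SecTracer's code or data
model; the event schema, relations and sample events are assumptions."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Edge(NamedTuple):
    src: str       # entity information flowed from
    dst: str       # entity information flowed to
    ts: int        # time the flow was observed
    relation: str
    origin: str    # which sensor reported it (hypothetical host names)


# Relations whose syscall direction is opposite to information flow:
# "winword.exe read invoice.docm" means the file influenced the process.
FLOW_REVERSED = {"read", "exec"}

# Constructed sample events (ts, sensor, subject, relation, object): a macro
# document delivered by mail spawns a shell that fetches a dropper from an
# external endpoint, which then moves laterally to host-B.
EVENTS = [
    (1, "host-A", "outlook.exe",    "wrote",     "C:\\tmp\\invoice.docm"),
    (2, "host-A", "winword.exe",    "read",      "C:\\tmp\\invoice.docm"),
    (3, "host-A", "winword.exe",    "spawned",   "powershell.exe"),
    (4, "host-A", "powershell.exe", "read",      "203.0.113.7:443"),
    (5, "host-A", "powershell.exe", "wrote",     "C:\\tmp\\dropper.exe"),
    (6, "host-A", "chrome.exe",     "wrote",     "C:\\tmp\\cache.dat"),  # unrelated noise
    (7, "host-A", "dropper.exe",    "exec",      "C:\\tmp\\dropper.exe"),
    (8, "host-A", "dropper.exe",    "connected", "host-B:445"),
    (9, "host-B", "host-B:445",     "accepted",  "svchost.exe"),
    (10, "host-B", "svchost.exe",   "spawned",   "mimikatz.exe"),
    (11, "host-B", "mimikatz.exe",  "read",      "lsass.exe"),
]


def build_graph(events) -> Dict[str, List[Edge]]:
    """Return incoming-edge lists keyed by destination entity."""
    incoming: Dict[str, List[Edge]] = defaultdict(list)
    for ts, origin, subj, rel, obj in events:
        src, dst = (obj, subj) if rel in FLOW_REVERSED else (subj, obj)
        incoming[dst].append(Edge(src, dst, ts, rel, origin))
    return incoming


def backward_trace(incoming, alert_node: str, alert_ts: int) -> Set[Edge]:
    """Collect every edge that could have influenced alert_node by alert_ts.

    An edge into a node is causal only if it was observed no later than the
    time the node itself passed influence onward; the bound tightens as the
    search moves further back, which also keeps cycles finite."""
    causal: Set[Edge] = set()
    best_bound: Dict[str, int] = {}
    stack: List[Tuple[str, int]] = [(alert_node, alert_ts)]
    while stack:
        node, bound = stack.pop()
        if best_bound.get(node, -1) >= bound:
            continue  # already explored with an equal or looser bound
        best_bound[node] = bound
        for edge in incoming.get(node, []):
            if edge.ts <= bound:
                causal.add(edge)
                stack.append((edge.src, edge.ts))
    return causal


def root_causes(causal: Set[Edge]) -> List[str]:
    """Entities in the causal subgraph that nothing else in it flowed into."""
    nodes = {e.src for e in causal} | {e.dst for e in causal}
    influenced = {e.dst for e in causal}
    return sorted(nodes - influenced)


def attack_history(causal: Set[Edge]) -> List[str]:
    """Render the reconstructed chain as time-ordered, sensor-tagged lines."""
    return [f"t={e.ts} [{e.origin}] {e.src} --{e.relation}--> {e.dst}"
            for e in sorted(causal, key=lambda e: e.ts)]


if __name__ == "__main__":
    g = build_graph(EVENTS)
    causal = backward_trace(g, "mimikatz.exe", 10)
    print("\n".join(attack_history(causal)))
    print("root causes:", root_causes(causal))
```

Starting from the alert on `mimikatz.exe` at t=10, the trace walks back through host-B's listening service, the lateral connection, the dropper and the macro document to two roots: the mail client that wrote the document and the external endpoint the shell fetched from. The `chrome.exe` write is never reached, and the `lsass.exe` read at t=11 is excluded by the time bound. Real sensors report processes by PID and files by inode rather than by name, and router flow records would be joined to host events via the (host, 5-tuple) pair; the graph construction here collapses those details.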
Advisors
Shin, Seungwon (신승원)
Description
Korea Advanced Institute of Science and Technology (KAIST): School of Electrical Engineering
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2020
Identifier
325007
Language
eng
Description

Thesis (Master's) - KAIST: School of Electrical Engineering, 2020.2, [iv, 33 p.]

Keywords

network security; enterprise network; security provenance; root cause analysis; APT

URI
http://hdl.handle.net/10203/284729
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=911338&flag=dissertation
Appears in Collection
EE-Theses_Master (Master's theses)
Files in This Item
There are no files associated with this item.
