A security framework for detecting enterprise-wide attacks in computer networks

Research at Kingston University

Onwubiko, Cyril (2008). A security framework for detecting enterprise-wide attacks in computer networks. PhD thesis, Kingston University.

Full text not available from this archive.

Official URL: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos...

Abstract

An integrated security framework is proposed for detecting enterprise-wide network attacks. The proposed framework defines three types of components, namely sensor, analysis and response. Sensor components gather evidence about security attacks. Analysis components correlate and combine pieces of attack evidence gathered by sensors in order to detect attacks perceived on the network. Response components execute recommended responses and can be configured to assist humans in executing security countermeasures. Both schematic and formal descriptions of the framework and its components are provided and discussed, and general and specific requirements of each component are outlined.

To integrate the components of the framework, a lightweight signalling mechanism referred to as "security spaces" is proposed. A security space is a type of "tuple space" that allows sensor, analysis and response components to connect, contribute and communicate security-related information. Its application to distributed sensor and federated sensor environments is described.

The detection of enterprise-wide attacks targeting computer networks is accomplished by distributing sensors across the network to collate evidence of perceived attacks, which is communicated to the analysis component for further investigation. In the analysis, a novel approach to data fusion is applied. This approach is underpinned by the Dempster-Shafer theory of evidence, which is used to combine the pieces of attack evidence gathered by the sensors. The fusion of sensor evidence provides more accurate detection of attacks perceived on the entire network than any single sensor can.

Further, to assist security administrators in visualising and mitigating perceived attacks, graph theory and graph matching algorithms are employed in the analysis. A graph model, the pattern activity graph, is proposed and investigated for representing security attacks perceived on the network. Both graph isomorphism and subgraph isomorphism are used to compare attack graph templates to data graphs obtained from security events.

To validate the objectives of this research, a series of experiments was conducted on a testbed network where live network traffic was monitored. A dataset comprising background data and attack data was gathered. Background data is normal data obtained by monitoring the testbed network; attack data was generated through attacks conducted on the monitored testbed LAN. The attacks were primarily network scans, network worms, web attacks, policy violations and stealthy network scan attacks.

Item Type: Thesis (PhD)
Physical Location: This item is held in stock at Kingston University Library.
Research Area: Communication, cultural and media studies; Computer science and informatics
Faculty, School or Research Centre: Faculty of Computing, Information Systems and Mathematics (until 2011)
Depositing User: Automatic Import Agent
Date Deposited: 09 Sep 2011 21:38
Last Modified: 29 May 2014 10:43
URI: http://eprints.kingston.ac.uk/id/eprint/20301
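The abstract's fusion step rests on Dempster's rule of combination: each sensor contributes a mass function over subsets of the frame of discernment, and the rule multiplies masses of intersecting hypotheses and renormalises away the conflicting mass K. The following is an added illustration written for this page, not code from the thesis; the two-hypothesis frame {attack, normal}, the three sensor readings and their mass values are constructed assumptions, and the thesis's own frame, sensors and weighting scheme are not reproduced here.

```python
from functools import reduce
from itertools import product
from typing import Dict, FrozenSet, Iterable, Tuple

# Assumed frame of discernment: the analysis component decides attack vs normal.
ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL  # mass on the whole frame means "this sensor cannot tell"

Mass = Dict[FrozenSet[str], float]


def validate(m: Mass) -> Mass:
    """A basic probability assignment is non-negative and sums to 1."""
    if any(v < 0 for v in m.values()) or abs(sum(m.values()) - 1.0) > 1e-9:
        raise ValueError(f"invalid mass function: {m}")
    return m


def combine(m1: Mass, m2: Mass) -> Mass:
    """Dempster's rule: m(A) = sum over B & C == A of m1(B) m2(C), divided by 1 - K."""
    fused: Mass = {}
    conflict = 0.0  # K: product mass landing on mutually exclusive hypotheses
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        weight = mb * mc
        focal = b & c
        if focal:
            fused[focal] = fused.get(focal, 0.0) + weight
        else:
            conflict += weight
    # Total conflict (K == 1) makes the rule undefined; refuse rather than divide by zero.
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: the sensors fully contradict each other")
    return {h: v / (1.0 - conflict) for h, v in fused.items()}


def fuse_sensors(readings: Iterable[Mass]) -> Mass:
    """Fold every sensor's evidence into one mass function (the rule is associative)."""
    return reduce(combine, (validate(m) for m in readings))


def belief(m: Mass, h: FrozenSet[str]) -> float:
    """Bel(h): mass that commits fully to h (focal elements that are subsets of h)."""
    return sum(v for focal, v in m.items() if focal <= h)


def plausibility(m: Mass, h: FrozenSet[str]) -> float:
    """Pl(h): mass that does not rule h out (focal elements intersecting h)."""
    return sum(v for focal, v in m.items() if focal & h)


def attack_interval(readings: Iterable[Mass]) -> Tuple[float, float]:
    """Return [Bel(attack), Pl(attack)] for the fused evidence."""
    m = fuse_sensors(readings)
    return belief(m, ATTACK), plausibility(m, ATTACK)


# Constructed sensor evidence about one monitored host; values are illustrative only.
SENSOR_EVIDENCE = [
    {ATTACK: 0.6, THETA: 0.4},  # NIDS: scan signature fired, moderately reliable
    {ATTACK: 0.5, THETA: 0.5},  # firewall: burst of denied inbound connections
    {NORMAL: 0.3, THETA: 0.7},  # host agent: nothing local, weak evidence of normality
]

if __name__ == "__main__":
    bel, pl = attack_interval(SENSOR_EVIDENCE)
    print(f"Bel(attack) = {bel:.3f}, Pl(attack) = {pl:.3f}")
```

The gap between belief and plausibility is the uncertainty the sensors left unresolved; a response component would normally act on Bel crossing a threshold and use Pl to decide whether more evidence (another sensor, a second look) is worth collecting before acting.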
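The abstract also describes comparing attack graph templates to data graphs built from security events by subgraph isomorphism. The block below is an added example for this page, not the thesis's pattern activity graph or its matching algorithm: it builds a small labelled directed data graph from a constructed event list (event type as node label, "followed by" edges between consecutive events on the same host), then runs a plain backtracking matcher that finds a label- and edge-preserving injection of a template into the data graph. The `induced` flag switches between monomorphism (the default, which tolerates extra data edges) and induced subgraph isomorphism (which rejects them), since the two give different answers on noisy event graphs. Event names, hosts and the worm template shape are assumptions.

```python
from typing import Dict, Optional, Sequence, Set, Tuple


class Graph:
    """Directed graph with one label per node (event type) and 'followed by' edges."""

    def __init__(self) -> None:
        self.labels: Dict[str, str] = {}
        self.edges: Set[Tuple[str, str]] = set()

    def add_node(self, node: str, label: str) -> None:
        self.labels[node] = label

    def add_edge(self, src: str, dst: str) -> None:
        self.edges.add((src, dst))

    def degree(self, node: str) -> int:
        return sum(1 for a, b in self.edges if node in (a, b))


def _compatible(template: Graph, data: Graph, mapping: Dict[str, str],
                tn: str, dn: str, induced: bool) -> bool:
    """Mapping tn -> dn must preserve every template edge to already-mapped nodes.
    With induced=True a data edge the template lacks also rejects the candidate."""
    for pn, pd in mapping.items():
        for t_edge, d_edge in (((pn, tn), (pd, dn)), ((tn, pn), (dn, pd))):
            in_t, in_d = t_edge in template.edges, d_edge in data.edges
            if in_t and not in_d:
                return False
            if induced and in_d and not in_t:
                return False
    return True


def _extend(template: Graph, data: Graph, order: Sequence[str],
            mapping: Dict[str, str], used: Set[str], induced: bool) -> Optional[Dict[str, str]]:
    if len(mapping) == len(order):
        return dict(mapping)
    tn = order[len(mapping)]
    for dn, label in data.labels.items():
        if dn in used or label != template.labels[tn]:
            continue  # labels must agree and the mapping must stay injective
        if not _compatible(template, data, mapping, tn, dn, induced):
            continue
        mapping[tn] = dn
        used.add(dn)
        found = _extend(template, data, order, mapping, used, induced)
        if found is not None:
            return found
        del mapping[tn]  # backtrack
        used.discard(dn)
    return None


def match_template(template: Graph, data: Graph, induced: bool = False) -> Optional[Dict[str, str]]:
    """Return a template-node -> data-node mapping, or None if the pattern is absent."""
    # Most-connected template nodes first so edge constraints prune the search early.
    order = sorted(template.labels, key=template.degree, reverse=True)
    return _extend(template, data, order, {}, set(), induced)


def build_data_graph(events: Sequence[Tuple[str, str, str]]) -> Graph:
    """events: (event_id, event_type, host) in time order. Consecutive events on the
    same host are linked by a 'followed by' edge (an assumed, simple linking rule)."""
    g = Graph()
    last_on_host: Dict[str, str] = {}
    for event_id, event_type, host in events:
        g.add_node(event_id, event_type)
        if host in last_on_host:
            g.add_edge(last_on_host[host], event_id)
        last_on_host[host] = event_id
    return g


def worm_template() -> Graph:
    """Assumed worm pattern: a host is scanned, exploited, then starts scanning itself."""
    t = Graph()
    for node, label in (("t1", "scan"), ("t2", "exploit"), ("t3", "scan")):
        t.add_node(node, label)
    t.add_edge("t1", "t2")
    t.add_edge("t2", "t3")
    return t


# Constructed events from two hosts; only 10.0.0.5 shows the full worm chain.
EVENTS = [
    ("e1", "scan", "10.0.0.5"),
    ("e4", "scan", "10.0.0.9"),
    ("e2", "exploit", "10.0.0.5"),
    ("e5", "web_attack", "10.0.0.9"),
    ("e3", "scan", "10.0.0.5"),
]

if __name__ == "__main__":
    print(match_template(worm_template(), build_data_graph(EVENTS)))
```

Backtracking like this is exponential in the worst case, which is why the choice of matching relation matters in practice: requiring an induced match makes a single spurious correlation edge hide a real attack chain, while a monomorphism keeps finding it, at the cost of more candidate mappings to examine.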
