Title (eng): Towards Dynamic Attack Recognition for SIEM
Langeder, S. (Stefan)
St. Pölten, FH-Stg. Information Security, Master Thesis, 2014
Security Incident and Event Management (SIEM) is capable of facilitating IT Security issues. Systems of that kind analyze events from multiple sources like firewalls, routers, client computers and programs. Based on this information, they can be configured to raise alarm if a specified pattern is recognized within the input data. The patterns for alert generation are commonly defined by static rules. Maintenance of static rules is a sophisticated issue. In order to facilitate these tasks, the aim of this work is to find methods which are capable of dynamically finding attack patterns within events sent to a SIEM system. Therefore, machine learning approaches are considered. Based on evaluated methods, the design of a framework for dynamic attack recognition is described. The framework consists of multiple modules. The modules work on the input data consecutively. Each, the first and the last module of the framework are based on machine learning algorithms. The first module is responsible for classification of input data. The last module recognizes attack patterns dynamically. For the classification module, a testing environment is established. The goal of the tests is to find the most efficient algorithm for classification.
Object languages: English
© All rights reserved
Classification: Hacker; Erkennung