
Master Thesis Defense: Xiao Ma

May 4, 2018


Speaker: Xiao Ma

Supervisor: Dr. L. Kosseim

Examining Committee: Drs. B. Jaumard, O. Ormandjieva, Y. Yan (Chair)

Title: Semantic Mapping of Security Events to Attack Patterns

Date: Friday, May 4, 2018

Time: 14:00

Place: EV 3.309

ABSTRACT

To keep a cyber environment secure, analysts must examine a large number of security events every day and take appropriate action to alert their clients to potential threats. Growing network traffic creates a need for a system that helps security analysts relate security events to known attack patterns. This thesis describes the enhancement of an existing Intrusion Detection System (IDS) with the automatic mapping of Snort alert messages to known attack patterns. The approach relies on three techniques: supplementing Snort messages with the related Common Vulnerabilities and Exposures (CVE) entries, pre-clustering similar Snort messages before mapping them to attack patterns in the Common Attack Pattern Enumeration and Classification (CAPEC), and using Latent Semantic Analysis (LSA) to reduce the dimensionality of the feature space. The module has been deployed at our partner company, and when evaluated against the recommendations of two security analysts, it improved the F-measure of their system from 51.81% to 64.84%.
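The following is an added, self-contained illustration of the three-step pipeline the abstract describes; it is not code from the thesis or from the partner company's system. The Snort-style alert messages, the CVE descriptions that supplement them, the CAPEC-style pattern descriptions and the analysts' "gold" mapping are all constructed and labelled as such; the pattern names are placeholders, not CAPEC identifiers. LSA is implemented as a truncated SVD of the TF-IDF matrix obtained by subspace iteration on the term-term matrix, and the LSA dimension `k` and the pre-clustering threshold are assumptions chosen for the toy data. The final F-measure is computed over (alert, pattern) pairs against the constructed gold mapping, which is the same kind of comparison the abstract reports, not the thesis's exact evaluation procedure.

```python
# Added example (not the thesis's code): toy version of the pipeline in the abstract.
# (1) supplement Snort messages with CVE text, (2) pre-cluster similar messages,
# (3) reduce the TF-IDF space with LSA, then map each cluster to the closest pattern.
import math
import re
from collections import Counter

STOP = {"a", "an", "and", "for", "in", "into", "of", "on", "the", "through", "to", "via", "with"}

# Constructed Snort-style alert messages keyed by a placeholder sid (not real rule text).
ALERTS = {
    "1001": "WEB-ATTACKS /bin/sh command attempt",
    "1002": "WEB-ATTACKS /bin/bash command attempt",
    "1003": "SQL injection attempt in URI",
    "1004": "ICMP PING NMAP",
}
# Constructed stand-in for the CVE lookup: text of the CVE entries each rule references.
CVE_TEXT = {
    "1001": "remote shell command execution vulnerability",
    "1002": "remote shell command execution vulnerability",
    "1003": "sql injection allows database query manipulation",
    "1004": "network scan host discovery",
}
# Constructed CAPEC-style attack pattern descriptions; names are placeholders, not CAPEC IDs.
PATTERNS = {
    "Command Injection": "execution of shell command on remote system via web application",
    "SQL Injection": "injection of sql into database query through untrusted input",
    "Host Discovery": "network scan with icmp ping for host discovery",
}
# Constructed analyst recommendations used as the gold standard for the F-measure.
GOLD = {"1001": "Command Injection", "1002": "Command Injection",
        "1003": "SQL Injection", "1004": "Host Discovery"}


def tokenize(text):
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOP]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def cosine(a, b):
    na, nb = math.sqrt(dot(a, a)), math.sqrt(dot(b, b))
    return dot(a, b) / (na * nb) if na and nb else 0.0


def tfidf_matrix(docs):
    """docs: list of token lists -> (vocab, list of L2-normalised tf-idf row vectors)."""
    vocab = sorted({t for d in docs for t in d})
    df = Counter(t for d in docs for t in set(d))
    idf = {t: math.log(len(docs) / df[t]) + 1.0 for t in vocab}
    rows = []
    for d in docs:
        tf = Counter(d)
        v = [tf[t] * idf[t] for t in vocab]
        norm = math.sqrt(dot(v, v)) or 1.0
        rows.append([x / norm for x in v])
    return vocab, rows


def orthonormalize(vectors):
    """Modified Gram-Schmidt over a list of equal-length vectors."""
    out = []
    for v in vectors:
        for u in out:
            d = dot(v, u)
            v = [a - d * b for a, b in zip(v, u)]
        n = math.sqrt(dot(v, v)) or 1.0
        out.append([a / n for a in v])
    return out


def lsa_basis(rows, k, iters=200):
    """Top-k right singular directions of the doc-term matrix X (the LSA concept space),
    found by subspace iteration on the term-term matrix M = X^T X."""
    m = len(rows[0])
    M = [[sum(r[i] * r[j] for r in rows) for j in range(m)] for i in range(m)]
    basis = [[1.0 + 0.1 * ((2 * i + 3 * c) % 5) for i in range(m)] for c in range(k)]
    for _ in range(iters):
        basis = [[sum(M[i][j] * q[j] for j in range(m)) for i in range(m)] for q in basis]
        basis = orthonormalize(basis)
    return basis


def project(vec, basis):
    return [dot(vec, q) for q in basis]


def precluster(ids, vectors, threshold):
    """Greedy single-link clustering in TF-IDF space: join the first cluster that holds
    a message at least `threshold` similar, otherwise open a new one."""
    clusters = []
    for sid, vec in zip(ids, vectors):
        for members in clusters:
            if any(cosine(vec, vectors[ids.index(m)]) >= threshold for m in members):
                members.append(sid)
                break
        else:
            clusters.append([sid])
    return clusters


def map_alerts(k=3, threshold=0.6):
    """Run the full pipeline; returns (clusters, {sid: pattern name})."""
    sids, names = list(ALERTS), list(PATTERNS)
    alert_docs = [tokenize(ALERTS[s] + " " + CVE_TEXT.get(s, "")) for s in sids]
    _, rows = tfidf_matrix(alert_docs + [tokenize(PATTERNS[p]) for p in names])
    alert_rows, pat_rows = rows[:len(sids)], rows[len(sids):]
    clusters = precluster(sids, alert_rows, threshold)
    basis = lsa_basis(rows, k)
    pat_vecs = [project(r, basis) for r in pat_rows]
    mapping = {}
    for members in clusters:
        rows_in = [alert_rows[sids.index(m)] for m in members]
        centroid = [sum(col) / len(rows_in) for col in zip(*rows_in)]
        cvec = project(centroid, basis)
        best = max(range(len(names)), key=lambda i: cosine(cvec, pat_vecs[i]))
        for m in members:
            mapping[m] = names[best]
    return clusters, mapping


def f_measure(predicted, gold):
    """F1 over (alert, pattern) pairs: precision against predicted pairs, recall against gold."""
    pred, ref = set(predicted.items()), set(gold.items())
    tp = len(pred & ref)
    p = tp / len(pred) if pred else 0.0
    r = tp / len(ref) if ref else 0.0
    return 2 * p * r / (p + r) if p + r else 0.0


if __name__ == "__main__":
    clusters, mapping = map_alerts()
    print("clusters:", clusters)
    print("mapping:", mapping)
    print("F-measure vs analysts:", f_measure(mapping, GOLD))
```

The two `/bin/sh` and `/bin/bash` alerts cluster together before mapping, so the pattern decision is made once for the cluster centroid rather than once per message, which is the point of the pre-clustering step; the LSA projection is what lets the centroid match "Command Injection" on shared concepts ("shell", "command", "remote") instead of exact tokens.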

© Concordia University