DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Shin, Seungwon | - |
dc.contributor.advisor | 신승원 | - |
dc.contributor.author | Seo, Hyunmin | - |
dc.date.accessioned | 2021-05-13T19:33:27Z | - |
dc.date.available | 2021-05-13T19:33:27Z | - |
dc.date.issued | 2020 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=911338&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/284729 | - |
dc.description | Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST) : School of Electrical Engineering, 2020.2, [iv, 33 p.] | - |
dc.description.abstract | Modern enterprise infrastructures include many diverse, heterogeneous systems (e.g., routers and hosts) that operate various kinds of services (e.g., web and email). This diversity and heterogeneity make it very hard for network administrators to track and monitor sophisticated attack attempts, such as APTs that adopt multiple attack vectors. To overcome this challenge (i.e., to provide network operators with a clear view of attack attempts), we introduce a new concept, security provenance, which enables us to discover the root cause of security incidents effectively. Based on this concept, we build a prototype implementation of SecTracer as a new security analysis framework. SecTracer makes three key contributions: (i) comprehensive and efficient forensic data collection in a dynamic network environment, (ii) attack history reconstruction to deliver a blueprint of cyber-crimes, and (iii) active attack prediction by leveraging graph-based relational learning. In addition, we demonstrate its effectiveness and efficiency by showing its analysis capabilities in a simulation of a real-world APT attack scenario on an enterprise network. | - |
dc.language | eng | - |
dc.publisher | Korea Advanced Institute of Science and Technology (KAIST) | - |
dc.subject | network security; enterprise network; security provenance; root cause analysis; APT | - |
dc.subject | network security; enterprise network; security provenance; root cause analysis; APT | - |
dc.title | Towards a security provenance based framework on analyzing root cause of enterprise network security incidents | - |
dc.title.alternative | A study on building a security provenance based framework for root cause analysis of enterprise network security incidents | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology (KAIST) : School of Electrical Engineering | - |
dc.contributor.alternativeauthor | 서현민 | - |