Master Thesis Defense: Xiao Ma
Speaker: Xiao Ma
Supervisor: Dr. L. Kosseim
Examining Committee: Drs. B. Jaumard, O. Ormandjieva, Y. Yan (Chair)
Title: Semantic Mapping of Security Events to Attack Patterns
Date: Friday, May 4, 2018
Time: 14:00
Place: EV 3.309
ABSTRACT
To keep a cyber environment secure, analysts must examine a large number of security events every day and take appropriate action to alert their clients to potential threats. Growing network traffic creates a need for a system that helps security analysts relate security events to known attack patterns. This thesis describes the enhancement of an existing Intrusion Detection System (IDS) with the automatic mapping of Snort alert messages to known attack patterns. The approach combines three techniques: supplementing Snort messages with related Common Vulnerabilities and Exposures (CVE) entries, pre-clustering similar Snort messages before mapping them to attack patterns in the Common Attack Pattern Enumeration and Classification (CAPEC), and using Latent Semantic Analysis (LSA) to reduce the dimensionality of the feature space. The module has been deployed at our partner company; evaluated against the recommendations of two security analysts, it improved the F-measure of their system from 51.81% to 64.84%.
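The following is an added, runnable sketch in Python of the three techniques the abstract names, written for this page and not taken from the thesis (the notice does not give the thesis's features, clustering method or thresholds, so every concrete choice below is an assumption): CVE enrichment of Snort msg text, pre-clustering of similar messages, tf-idf plus LSA (truncated SVD computed by subspace iteration) to map each cluster to a CAPEC pattern, and a micro-averaged F-measure against analyst labels. The CAPEC ids are real but the one-line descriptions are our paraphrases; the CVE ids (2099 range), alert messages, analyst labels, stop-list and thresholds are constructed.

```python
import math, re
from collections import Counter

# Constructed sample data (ours, not the thesis's): real CAPEC ids with our own one-line
# paraphrases, placeholder CVE ids in the 2099 range, Snort-style msg strings, analyst labels.
CAPEC = {
    "CAPEC-66": "SQL Injection: attacker injects SQL syntax into input so the database runs unintended queries",
    "CAPEC-100": "Overflow Buffers: attacker supplies more data than a buffer can hold, overwriting adjacent memory",
    "CAPEC-126": "Path Traversal: attacker uses dot dot slash sequences to reach files outside the intended directory",
}
CVE_DB = {  # stands in for a local copy of the CVE feed
    "CVE-2099-0001": "SQL injection vulnerability in the search page allows remote attackers to run arbitrary SQL queries",
    "CVE-2099-0002": "stack buffer overflow in the IMAP daemon allows remote attackers to crash the service via a long LOGIN command",
}
ALERTS = {  # alert id -> (Snort msg text, CVE ids taken from the rule's reference: keyword)
    "a1": ("SQL injection attempt in HTTP request", ["CVE-2099-0001"]),
    "a2": ("SQL injection attempt in POST body", []),
    "a3": ("buffer overflow attempt in IMAP login", ["CVE-2099-0002"]),
    "a4": ("directory traversal attempt in URI", []),
    "a5": ("ICMP PING NMAP", []),
}
ANALYST = {"a1": {"CAPEC-66"}, "a2": {"CAPEC-66"}, "a3": {"CAPEC-100"},
           "a4": {"CAPEC-126"}, "a5": {"CAPEC-300"}}  # Port Scanning, absent from CAPEC above
STOP = {"the", "and", "for", "into", "than", "can", "more", "via", "from", "with", "attempt",
        "attacker", "attackers", "remote", "allows", "arbitrary", "vulnerability"}  # tiny stop-list

def tokens(text):
    return [w for w in re.findall(r"[a-z]+", text.lower()) if len(w) > 2 and w not in STOP]

def enrich(msg, refs):  # technique 1: append the description of every CVE the rule references
    return " ".join([msg] + [CVE_DB[r] for r in refs if r in CVE_DB])

def precluster(alerts, threshold=0.5):  # technique 2: greedy grouping by cosine over msg tokens
    clusters = []  # [(token set of the first member, [alert ids])]
    for aid, (msg, _) in alerts.items():
        toks = set(tokens(msg))
        for rep, members in clusters:
            if toks and rep and len(toks & rep) / math.sqrt(len(toks) * len(rep)) >= threshold:
                members.append(aid)
                break
        else:
            clusters.append((toks, [aid]))
    return [members for _, members in clusters]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def tfidf(docs):  # token lists -> L2-normalised tf-idf vectors over one sorted vocabulary
    vocab = sorted({w for d in docs for w in d})
    df, n, vecs = Counter(w for d in docs for w in set(d)), len(docs), []
    for d in docs:
        tf = Counter(d)
        v = [tf[w] * (math.log((1 + n) / (1 + df[w])) + 1) for w in vocab]
        vecs.append([x / math.sqrt(dot(v, v)) for x in v])
    return vecs

def lsa_basis(vecs, k, iters=200):
    """Technique 3: top-k left singular vectors of the term-document matrix A, found by
    orthogonal (subspace) iteration on A·Aᵀ seeded with the first k document vectors."""
    size = len(vecs[0])
    m = [[sum(d[i] * d[j] for d in vecs) for j in range(size)] for i in range(size)]
    basis = [v[:] for v in vecs[:k]]
    for _ in range(iters):
        ortho = []
        for w in ([dot(row, b) for row in m] for b in basis):  # multiply, then Gram-Schmidt
            for u in ortho:
                p = dot(w, u)
                w = [x - p * y for x, y in zip(w, u)]
            ortho.append([x / math.sqrt(dot(w, w)) for x in w])
        basis = ortho
    return basis

def cosine(a, b):
    return dot(a, b) / math.sqrt(dot(a, a) * dot(b, b)) if dot(a, a) and dot(b, b) else 0.0

def map_alerts(alerts, capec, k=3, min_score=0.5):
    """Cluster, fit tf-idf + LSA on CAPEC texts plus cluster texts, assign the nearest pattern."""
    clusters = precluster(alerts)
    ids = list(capec)
    docs = [tokens(capec[c]) for c in ids]
    docs += [tokens(" ".join(enrich(*alerts[a]) for a in members)) for members in clusters]
    vecs = tfidf(docs)
    basis = lsa_basis(vecs, k)
    proj = [[dot(v, b) for b in basis] for v in vecs]  # every document in k dimensions
    result = {}
    for members, p in zip(clusters, proj[len(ids):]):
        scores = [cosine(p, q) for q in proj[:len(ids)]]
        best = max(range(len(ids)), key=scores.__getitem__)
        for a in members:  # a cluster's mapping is inherited by all of its alerts
            result[a] = {ids[best]} if scores[best] >= min_score else set()
    return result

def f_measure(pred, gold):  # micro-averaged precision, recall and F-measure vs analyst labels
    tp = sum(len(pred[a] & gold[a]) for a in gold)
    fp = sum(len(pred[a] - gold[a]) for a in gold)
    fn = sum(len(gold[a] - pred[a]) for a in gold)
    p, r = tp / max(tp + fp, 1), tp / max(tp + fn, 1)
    return p, r, (2 * p * r / (p + r) if p + r else 0.0)

if __name__ == "__main__":
    mapping = map_alerts(ALERTS, CAPEC)
    print(mapping, "P/R/F = %.4f %.4f %.4f" % f_measure(mapping, ANALYST))
```

Running it maps a1 and a2 (one cluster) to CAPEC-66, a3 to CAPEC-100, a4 to CAPEC-126, and leaves a5 unmapped: its tokens share nothing with any pattern, so its LSA projection is the zero vector and no score reaches min_score; against the analysts' labels that is one false negative, giving precision 1.0, recall 0.8 and F-measure 0.889. Two caveats a practitioner should keep in mind: with vocabularies this disjoint and k equal to the number of topics, LSA collapses each topic onto a single axis, so in-topic cosine is 1 and cross-topic cosine is 0 regardless of wording; on real Snort and CAPEC text the vocabularies overlap, scores are graded, and k, min_score and the clustering threshold become the knobs whose effect the thesis measures with the F-measure. The subspace iteration also assumes the first k document vectors are linearly independent; for large vocabularies a library SVD would replace it.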