Detecting Intrusions Using Social Network Analysis And Bayesian Network

• Main Authors: CHIPING LAI, 賴季苹
• Other Authors: Chia-Mai Chen
• Format: Others
• Language: zh-TW
• Published: 2015
• Online Access: http://ndltd.ncl.edu.tw/handle/5byn32

碩士 === 國立中山大學 === 資訊管理學系研究所 === 104 === The type of attack has been change from random attack to non-random attack which called Targeted Attack. This means the attack has an obvious target and this kind of attack need more time and skills to break in to target. Most hackers possess high knowledge and rich resource about attacked target such as important department of government or companies, and the major object is steal sensitive information. Such attack type usually accompanies social engineering or zero-day exploits attacks, and the intrude period may arrive several years. In order to detect Targeted Attack, this paper proposed a conceptual framework for observing the steps of Targeted Attack and through these steps constructed a Bayesian Network detection model which combined risk assessment. Risk assessment including compute each steps of risk of Targeted Attack in order to be prepared for attack. Most of the Targeted Attack uses social engineering breaking into the target successfully. So in this paper, we collected social network and e-mail records from Intrusion Detection System (IDS) to enhance the accuracy of detection. In this paper, we detected Targeted Attack and provide the suspicious IP to be ready for future attack and reduce the chances of data theft.