Detecting Network Exposures through Risk Evaluation and Traffic Analysis

This dissertation covers the basic principles of network defense and the concepts of threat hunting, presents several case studies of proactive detection, and describes techniques that can be used for scalable detection of network exposures within a network infrastructure. Managing risk and exposure levels is the primary objective of an Information Security Program within a large organization. Managing security risks at a country-wide level is the primary objective of any National Computer Emergency Response Team (CERT) or Computer Security Incident Response Team (CSIRT). With this work we aim to improve the process of timely detection of network exposures and adversary activities at earlier stages. Threat hunting and proactive detection aim to shorten the time between a network breach and the detection of that breach. This approach is particularly effective in cases where the adversary intentionally evades traditional security products. This work helps to automate selected tasks in the domains of proactive monitoring, detection and threat hunting. A scalable cloud-based platform was designed and implemented in order to cope with the massive amount of data to be processed, stored and analyzed. In this study we try to understand methods of large-network risk evaluation and conduct practical experiments using large network datasets. The main contribution of this work is to demonstrate how threat hunting and several non-intrusive methods of large network infrastructure reconnaissance can be used to measure risk and network vulnerability exposures within the analyzed network.

Bibliographic Details
Title (Chinese): 通過風險評估和流量分析來檢測網絡暴露
Main Authors: Fyodor Yarochkin, 費爾德
Other Authors: Kuo Sy-Yen (郭斯彥)
Degree: Doctoral (博士)
Institution: National Taiwan University (國立臺灣大學)
Department: Graduate Institute of Electrical Engineering (電機工程學研究所)
Academic year: 106
Format: Others; thesis, 170 pages
Language: en_US
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/84bnkd