File: BADGER-THESIS-2015.pdf (6MB, application/pdf)

Description

Title: Scalable data analytics pipeline for real-time attack detection: design, validation, and deployment in a honeypot environment
Author(s): Badger, Eric C
Advisor(s): Iyer, Ravishankar K.
Contributor(s): Kalbarczyk, Zbigniew T
Department / Program: Electrical & Computer Engineering
Discipline: Electrical & Computer Engineering
Degree Granting Institution: University of Illinois at Urbana-Champaign
Degree: M.S.
Genre: Thesis
Subject(s): Intrusion Detection
Abstract: This work explores a scalable data analytics pipeline for real-time attack detection through the use of customized honeypots at the National Center for Supercomputing Applications (NCSA). Attack detection tools are common and are constantly being improved, but validating these tools is challenging. One must automate how to identify what data is essential to detecting the attack, extract this data from multiple different monitors, and send this data to the attack detection tool. On top of this, one must be able to scale efficiently with an ever-increasing amount of data, while also having the ability to extend to new monitors. This requires an infrastructure that is non-trivial to create or to deploy. In this work, we present a generalized architecture that aims for a real-time, scalable, and extensible pipeline that can be deployed in diverse infrastructures to validate arbitrary attack detection tools. To demonstrate our architecture, we show an example deployment of our pipeline using completely open-sourced tools. Our example deployment uses as its sources: 1) a customized honeypot environment at NCSA, and 2) customized attack scripts written to follow the skeleton of canonical credential-stealing attacks. To extract useful information, we have deployed network and host-based monitoring tools such as Bro and OSSEC. We have also built an attack detection tool named AttackTagger that we use as our front-end detection engine.
Issue Date: 2015-12-07
Type: Thesis
URI: http://hdl.handle.net/2142/89057
Rights Information: Copyright 2015 Eric Badger
Date Available in IDEALS: 2016-03-02
Date Deposited: 2015-12

