AtheneForschung - Informationsportal der UniBw M

Home / Alle InhalteElektronische PrüfungsarbeitenElektronische DissertationenFakultät für Informatik

Zurück
Zurück zum Anfang der Trefferliste
Dauerhafter Link zum angezeigten Objekt

Wenn Sie Schwierigkeiten haben, das Dokument zu öffnen, versuchen Sie auch bitte diesen Link

Autoren:

Renners, Leonard

Dokumenttyp:

Dissertation / Thesis

Titel:

Adaptive Prioritization of Network Security Incidents

Betreuer:

Dreo Rodosek, Gabi, Prof. Dr.

Gutachter:

Dreo Rodosek, Gabi, Prof. Dr.; Heine, Felix, Prof. Dr.

Tag der Abgabe der Arbeit:

20.11.2019

Tag der mündlichen Prüfung:

09.07.2020

Publikationsdatum:

26.10.2020

Jahr:

2020

Sprache:

Englisch

Schlagwörter:

Internet ; Computersicherheit ; Cyberattacke ; Priorität ; Maschinelles Lernen ; Hochschulschrift

Stichwörter:

incident prioritization; network security; cyber security; machine learning

Abstract:

With the ever rising amount of security and alert information in IT, incident prioritization becomes increasingly important, and is therefore nowadays part of many approaches and tools for network security. A key challenge is, however, a correct prioritization of the events. Currently, the calculation of priorities is rather static, and needs to be defined manually. Incorrect prioritization cannot be reliably or permanently avoided and leads to threatening situations and an increased effort in incident response. Furthermore, the identification of errors in the prioritization rules themselves is another challenge since there is rarely a continuous approach to monitor the prioritization process. In addition, providing corrections as well as defining new, improved rules to address the detected inaccuracies also lacks automated support and again requires manual effort. To address these problems, this thesis proposes a concept for an adaptive prioritization of network security incidents. Our contributions are novel approaches for the prioritization with a focus on a higher degree of automation. We introduce a customizable incident model and a rule-based approach to specify incident prioritization. Furthermore, a process to gather quantitative feedback from the analyst is proposed in combination with a concept for the assessment of the prioritization rules to monitor quality and to regularly identify deficiencies. These concepts are extended and complemented by machine learning techniques for an increased automation regarding the initial creation of prioritization rules, and more importantly the adaptation of an existing set of rules. Understandability of the prioritization model, its instances and of the automation is hereby viewed as a crucial requirement to establish trust in the system for security experts and allow for a manual interaction within the different tasks if necessary. As a result our approach offers the possibility to realize a continuous improvement of the prioritization which helps to address current challenges in incident prioritization in an effective and efficient way. We provide proof of the feasibility of the conceptual work with a first implementation of selected algorithms for every component of the proposed approach. On that basis an assessment of the proposed concepts demonstrates that the model can be used to recreate established prioritization practices. The evaluation further shows promising results for the automated learning and adaptation of the prioritization system, although also highlighting the challenges to balance understandability and prioritization accuracy. «

DDC-Notation:

005.8

URN:

urn:nbn:de:bvb:706-7013

Fakultät:

Fakultät für Informatik

Institut:

INF 3 - Institut für Technische Informatik

Professur:

Dreo Rodosek, Gabi

Open Access ja oder nein?:

Ja / Yes