Research and development of an automatic system for the detection, monitoring and analysis of worm propagation in enterprise networks
Main author: | Sequeira, Tiago Manuel Simões |
---|---|
Publication date: | 2011 |
Document type: | Dissertation |
Language: | por |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
Full text: | http://hdl.handle.net/10451/13912 |
Abstract: | This project is an attempt to correct a potentially dangerous security gap in large enterprise networks. In this context a solution is presented, the WMS, which allows the automatic capture of allegedly malicious traffic that originates on the corporate network. It includes back-end mechanisms, such as the mwmonitor prototype, which automatically handles the important task of identifying and dynamically analysing internally spreading malware, such as worms and bots, that may be involved in the traffic captured by probes strategically distributed across the corporate network. A business environment requires solutions that are non-intrusive, lightweight, efficient, easy to integrate and above all productive, so particular care was taken in the design and construction of a decentralized architecture for the WMS, as well as in the choice of its constituent technologies. As a result, after the creation of security metrics, the system also allows monitoring (WMSi) of the protection status of a large corporate network with regard to the occurrence of internal malware propagation. To validate the implemented solution, as well as other applications of it, an experimental evaluation was performed in a final phase, from which some interesting statistical results and information about attack trends were extracted. |
id |
RCAP_057cb10fac97f6ef4b06367369d97bf6 |
---|---|
oai_identifier_str |
oai:repositorio.ul.pt:10451/13912 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
dc.title.none.fl_str_mv |
Investigação e desenvolvimento de um sistema automático de detecção, monitorização e análise da propagação de worms em redes empresariais |
author |
Sequeira, Tiago Manuel Simões |
author_facet |
Sequeira, Tiago Manuel Simões |
author_role |
author |
dc.contributor.none.fl_str_mv |
Casimiro, António; Alegria, José António dos Santos; Repositório da Universidade de Lisboa |
dc.contributor.author.fl_str_mv |
Sequeira, Tiago Manuel Simões |
dc.subject.por.fl_str_mv |
Security; Worm/Bot; Monitoring; Honeypot/Honeynet |
topic |
Security; Worm/Bot; Monitoring; Honeypot/Honeynet |
publishDate |
2011 |
dc.date.none.fl_str_mv |
2011-12-19T15:07:04Z 2011 2011-01-01T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10451/13912 |
url |
http://hdl.handle.net/10451/13912 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799134257557274624 |