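Research and development of an automatic system for the detection, monitoring and analysis of worm propagation in enterprise networks (original title: Investigação e desenvolvimento de um sistema automático de detecção, monitorização e análise da propagação de worms em redes empresariais)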

Bibliographic details
Main author: Sequeira, Tiago Manuel Simões
Publication date: 2011
Document type: Dissertation
Language: por
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10451/13912
Abstract: This project is an attempt to correct a potentially dangerous security gap in large enterprise networks. In this context a solution is presented, the WMS, which allows automatic capture of allegedly malicious traffic that originates on the corporate network. It includes back-end mechanisms, such as the mwmonitor prototype, which automatically handles the important task of identifying and dynamically analyzing malware that spreads internally, such as worms and bots, and that may be involved in the traffic captured by probes strategically distributed on the corporate network. A business environment requires solutions that are non-intrusive, lightweight, efficient, easy to integrate and above all productive, so particular care was taken in the design and construction of a decentralized architecture for the WMS, as well as in the choice of its constituent technologies. As a result, after the creation of security metrics, the system also allows monitoring (WMSi) of the protection status of a large corporate network with regard to the occurrence of internal propagation of malware. To validate the implemented solution, as well as other applications of the solution, an experimental evaluation was performed in a final phase, from which some interesting statistical results and information about attack trends were extracted.
id RCAP_057cb10fac97f6ef4b06367369d97bf6
oai_identifier_str oai:repositorio.ul.pt:10451/13912
dc.contributor.none.fl_str_mv Casimiro, António
Alegria, José António dos Santos
Repositório da Universidade de Lisboa
dc.contributor.author.fl_str_mv Sequeira, Tiago Manuel Simões
dc.subject.por.fl_str_mv Security
Worm/Bot
Monitoring
Honeypot/Honeynet
dc.date.none.fl_str_mv 2011-12-19T15:07:04Z
2011
2011-01-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf