Diploma Thesis DIP-2013-02

Bibliography: Öztürk, Zeynep: A Method for Security Breach Detection through File Access Monitoring and Pattern Recognition.
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Diploma Thesis (2013).
71 pages, English.
CR-Schema: C.2.0 (Computer-Communication Networks, General)
C.2.3 (Network Operations)
C.2.4 (Distributed Systems)
D.4.6 (Operating Systems Security and Protection)
K.6.5 (Security and Protection)
Abstract

In the enterprise context a common requirement is to protect confidential information, such as sensitive customer data, internal corporate data, or research findings, not only against external but also against internal unauthorized access. The rapidly changing technology environment has seriously affected the computer security of organizations and governments around the world. According to the 2013 Data Breach Investigations Report from Verizon, more than 47,000 reported security incidents, 621 confirmed data breaches, and 44 million compromised records were analyzed for 2012. Security breaches cause enormous damage and cost organizations billions of dollars annually. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are the typical protection mechanisms used to detect security breaches. Nevertheless, these systems suffer from several major drawbacks, such as high configuration complexity, high cost, high maintenance effort, a high number of false alarms, and the need for a security administrator who can react to a security breach with countermeasures. In this context, the goal of this thesis is to develop a novel Breach Detection System (BDS) able to overcome the disadvantages of current IDSs and IPSs. In order to detect and analyze security breaches at the operating system level, with a special focus on file operations, a BDS is conceptualized and implemented. The aim of this BDS is to enable security breach detection through file access monitoring and pattern recognition. For this purpose, a sensor gathers information about the system behavior while the system is running in a controlled state. Additionally, a pattern recognition engine derives patterns from the recorded file access events. These patterns are then used to monitor a process that accesses a certain file and to determine the legitimacy of its file operations. They can also be used to suggest a possible access permission to an administrator.

Full text and other links: PDF (2769708 Bytes)
Department(s): University of Stuttgart, Institute of Parallel and Distributed Systems, Applications of Parallel and Distributed Systems
Supervisor(s): Mitschang, Prof. Bernhard; Waizenegger, Tim
Entry date: July 3, 2018
Publ. Computer Science