Project

Ranking system object instance graph

Project (M.S.,Computer Science)--California State University, Sacramento, 2018.

Defending today’s enterprise network has become more and more challenging given the increasing number of cyber-attacks. It is critical to understand how an attack happens and how the intrusion propagates inside the enterprise network. The System Object Instance Graph (SOIG) is a technique that captures the dependency relationships between system objects, thereby showing the intrusion propagation process.

However, the SOIG for an enterprise network can be very large and difficult to comprehend. Therefore, identifying the most important objects (files, processes, and sockets) that other objects depend on can help in understanding the intrusion propagation process. Security measures can then be directed at these objects to prevent future intrusions.

In addition, even a small network’s SOIG can result in information overload. This overwhelming information needs to be weighted and segregated to aid human analysts’ comprehension. Human analysts require a tool that can extract the critical data from the large volume of information and present it as a list of priorities. This way, limited financial resources can be spent on critical tasks, and scarce human effort can be delegated to the priorities rather than to studying the overwhelming information.

To combat the overwhelming information from the SOIG, this project aims to rank the SOIG using the AssetRank algorithm. The AssetRank approach can automatically digest the dependency relations in a SOIG, compute the relative importance of each graph vertex, and rank it. The result is a ranked graph visualizing the most critical vertices based on rank. These object ranks can help a security analyst feed relevant data into security tools and understand security problems better.
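The following is an added illustration, not code from the project: it builds a small constructed SOIG in which each edge means "this object depends on that object" (a process that read a file depends on the file; a socket a process wrote to depends on the process) and ranks the vertices with a PageRank-style power iteration, so that mass flows from dependent objects to the objects they rely on. AssetRank, as the abstract describes it, is a dependency-graph ranking of this kind; the plain PageRank iteration, the damping factor, and the sample objects here are assumptions for illustration, not the project's implementation.

```python
from collections import defaultdict

# Constructed toy SOIG (not from the project). Each edge (src, dst) means
# "src depends on dst": a process that read a file depends on that file, a
# socket that a process wrote to depends on that process, and so on.
SOIG_EDGES = [
    ("proc:sshd", "file:/etc/passwd"),
    ("proc:bash", "file:/etc/passwd"),
    ("proc:bash", "proc:sshd"),
    ("proc:curl", "proc:bash"),
    ("sock:10.0.0.5:443", "proc:curl"),
    ("file:/tmp/payload", "proc:curl"),
    ("proc:python", "file:/tmp/payload"),
    ("proc:python", "file:/etc/passwd"),
]


def rank_soig(edges, damping=0.85, iterations=100, tol=1e-9):
    """PageRank-style power iteration over a dependency graph.

    Importance flows from a dependent object to the objects it depends on,
    so a vertex that many others rely on (directly or transitively) ends up
    with a high score. Scores are normalised to sum to 1. Dangling vertices
    (objects that depend on nothing) spread their mass uniformly, as PageRank
    does for pages without out-links; the damping value is an assumption.
    """
    nodes = sorted({v for e in edges for v in e})
    n = len(nodes)
    deps = defaultdict(list)  # src -> objects that src depends on
    for src, dst in edges:
        deps[src].append(dst)

    score = {v: 1.0 / n for v in nodes}
    for _ in range(iterations):
        new = {v: (1.0 - damping) / n for v in nodes}
        dangling = sum(score[v] for v in nodes if not deps[v])
        for v in nodes:
            new[v] += damping * dangling / n
        for src in nodes:
            out = deps[src]
            if out:
                share = damping * score[src] / len(out)
                for dst in out:
                    new[dst] += share
        delta = sum(abs(new[v] - score[v]) for v in nodes)
        score = new
        if delta < tol:
            break
    return score


def ranked_objects(edges, top=None):
    """Return (object, score) pairs from most to least depended-on."""
    scores = rank_soig(edges)
    ordered = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return ordered[:top] if top else ordered


if __name__ == "__main__":
    # Print the prioritised list an analyst would read top-down.
    for obj, sc in ranked_objects(SOIG_EDGES):
        print(f"{sc:.4f}  {obj}")
```

On this constructed graph `file:/etc/passwd` comes out on top: it is read directly by three processes and reached transitively by everything else, which is exactly the "most depended-on object" the abstract wants surfaced. Vertices with no dependents (`proc:python`, the socket) share the lowest score, so the printed list already separates the handful of critical objects from the rest.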

