Thesis type
Master's thesis
Title
A Simulation Based SIEM Framework to Attribute and Predict Attacks
Degree programme
INFORMATICA E NETWORKING
Keywords
- security; intrusion detection; SIEM; correlation;
Exam session start date
09/10/2015
Abstract (Italian)
We present a Security Information and Event Management (SIEM) framework to correlate, attribute and predict attacks against an ICT system. The output of the ICT risk assessment, which exploits multiple simulations of attacks against the system, drives the building of a SIEM database. This database enables the SIEM to correlate sequences of detected attacks, to probabilistically attribute and predict attacks, and to discover 0-day vulnerabilities. After describing the framework and its prototype implementation, we discuss the experimental results on the main SIEM capabilities.