Novel applications of Machine Learning to Network Traffic Analysis


using rule-based or correlation methods. They can include capabilities to analyze user behaviors and implement complex automatic response flows. SIEMs obtain security events by deploying agents in different elements of the network infrastructure hierarchy (hosts, servers, network elements...) and in different elements of the security infrastructure (firewalls, NIDS, HIDS...). An additional function provided by the SIEM is integrated visualization, which helps to give a consolidated view of threats. The visualization of security events [56][57] is a complex issue, and it is essential for security analysts to be able to manage the required information which, due to its volume and rapid change, could otherwise be unmanageable. In summary, a SIEM collects and analyzes security events from different sources, stores them in a centralized location, correlates events and generates alerts and reports based on this information.

• Security analysts and administrators: They are the final users of the different elements of the security ecosystem, with the final responsibility for the identification and response to security threats. They operate in the Security Operations Center (SOC) [52].

Security attacks in general can be classified into eight main categories [51]:

• Physical attacks: They involve physical damage to computers or network hardware.
• Infection: This category of attacks aims to infect the target system through tampering or by installing infected files in the system (e.g. Viruses, Worms, Trojans).
• Exploding: These attacks seek to overload/overflow the target system (e.g. Buffer Overflow).
• Probe: These attacks collect information about the target system (e.g. Sniffing, Port Mapping, Security Scanning).
• Cheat: They access the system with fake identities (e.g. IP Spoofing, MAC Spoofing, DNS Spoofing, Session Hijacking, XSS (Cross-Site Scripting) Attacks, Hidden Area Operation, and Input Parameter Cheating).
• Traverse: This category of attacks tries all possible ways to match the system credentials in order to access the system (e.g. Brute Force, Dictionary Attacks, Doorknob Attacks).
• Concurrency: They alter the availability of the system by sending massive requests that the system cannot handle (e.g. Flooding, DoS, DDoS).
• Others: These are attacks on systems that are not configured or maintained properly and that have a known vulnerability/weakness that compromises them.

In addition, security attacks can be classified as passive and active [51]. Passive attacks only collect information (host or network traffic). Active attacks act on the attacked system. Active attacks are classified into four categories according to the Defense Advanced Research Projects Agency (DARPA):

• DoS: Denial of Service Attacks are designed to make computer or memory resources too busy or too full to handle legitimate network requests and, therefore, deny users access to a machine (e.g. apache2, smurf, neptune, dosnuke, land, pod, back, teardrop, tcpreset, syslogd, crashiis, arppoison, mailbomb, selfping, processtable, udpstorm, warezclient)

Doctoral Thesis: Novel applications of Machine Learning to NTAP - 24
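The SIEM summary above (collect events from several sources, store them together, correlate, alert) can be illustrated with a small rule-based correlator for the Probe and Traverse categories. This is an added example, not code from the thesis; the event schema, the `correlate` function, the window and the threshold are all assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

WINDOW = 60      # seconds; assumed correlation window
THRESHOLD = 5    # failed logins inside WINDOW; assumed value

def ev(ts, sensor, src, kind):
    """One event, normalized to a common schema (assumed field names)."""
    return {"ts": ts, "sensor": sensor, "src": src, "type": kind}

# Constructed sample events as reported by NIDS and HIDS agents.
EVENTS = (
    # Probe (port scan) followed by fast credential guessing (Traverse)
    [ev(0, "nids", "203.0.113.7", "port_scan")]
    + [ev(t, "hids", "203.0.113.7", "auth_failure") for t in (10, 12, 14, 16, 18)]
    + [ev(20, "hids", "203.0.113.7", "auth_success")]
    # a user mistyping a password twice, minutes apart
    + [ev(5, "hids", "198.51.100.20", "auth_failure"),
       ev(300, "hids", "198.51.100.20", "auth_failure"),
       ev(305, "hids", "198.51.100.20", "auth_success")]
    # slow guessing that stays under the default window
    + [ev(t, "hids", "192.0.2.9", "auth_failure") for t in (0, 30, 60, 90, 120)]
    + [ev(125, "hids", "192.0.2.9", "auth_success")]
)

def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Alert when one source has >= threshold failed logins inside the
    window and then logs in successfully; raise severity if a NIDS also
    saw that source probing."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    sensors = defaultdict(set)      # src -> sensors that reported it
    probed, alerts = set(), []
    for e in sorted(events, key=lambda x: x["ts"]):
        src, ts, q = e["src"], e["ts"], failures[e["src"]]
        sensors[src].add(e["sensor"])
        while q and ts - q[0] > window:   # drop failures older than window
            q.popleft()
        if e["type"] == "port_scan":
            probed.add(src)
        elif e["type"] == "auth_failure":
            q.append(ts)
        elif e["type"] == "auth_success":
            if len(q) >= threshold:
                alerts.append({"src": src, "ts": ts, "failures": len(q),
                               "severity": "high" if src in probed else "medium",
                               "sensors": sorted(sensors[src])})
            q.clear()
    return alerts
```

With the default window only 203.0.113.7 is alerted; the slow source 192.0.2.9 is caught only when the window is widened, which is the tuning trade-off a fixed-threshold rule carries.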
