Maeder, Marcel and Mikes, Janic (2017) Cyber Security Integration Engine. Student Research Project thesis, HSR Hochschule für Technik Rapperswil.
HS 2017 2018-SA-EP-MIKES-Maeder-Cyber Security Integration Engine.pdf - Supplemental Material
Download (1MB) | Preview
Abstract
Every company that is working with confidential data needs to fulfill certain regulations. Especially in the financial sector these requirements are crucial to a company's success. For small businesses this can become a severe problem. To help those small companies to fulfill these requirements we want to provide a prototype of an extensible software that will take care of such tasks.
The goal is to get a zero-configuration security box that is easily extensible and able to scale. It should collect necessary data and be able to determine a baseline on what is normal behavior on a client's network. To get started we want to be able to keep a list of machines communicating on the network.
We will split the topic into three separate concerns. For the communication between the subsystems we will use a messaging system. Every information exchange goes through this system using messages. The probes are responsible for collecting potentially interesting information about its environment. This could be network metadata or other kinds of information. The probe then publishes the gathered information into the messaging system. Agents subscribe to messages they are capable of analyzing. Based on these messages they investigate and publish their acquired information back to the messaging system, so any other agent can reuse this information.
In our lab environment we were able to collect and pass network activity data between multiple participants within our framework. We implemented a network probe and an agent that could detect an unknown device based on its mac address. We implemented this using two different messaging systems and compared these two in terms of implementation complexity and message throughput performance.
We found that one messaging system is over 10 times faster than the other and had much better tooling.
Item Type: | Thesis (Student Research Project) |
---|---|
Subjects: | Area of Application > Banking & Finance Area of Application > Security Technologies > Programming Languages > Java Technologies > Databases > PostgreSQL Technologies > Protocols > XMPP |
Divisions: | Bachelor of Science FHO in Informatik > Student Research Project |
Depositing User: | OST Deposit User |
Contributors: | Contribution Name Email Thesis advisor Steffen, Andreas UNSPECIFIED |
Date Deposited: | 10 Apr 2018 09:15 |
Last Modified: | 10 Apr 2018 09:15 |
URI: | https://eprints.ost.ch/id/eprint/621 |