Cyber Security Integration Engine

Maeder, Marcel and Mikes, Janic (2017) Cyber Security Integration Engine. Student Research Project thesis, HSR Hochschule für Technik Rapperswil.

[thumbnail of HS 2017 2018-SA-EP-MIKES-Maeder-Cyber Security Integration Engine.pdf]
Preview
Text
HS 2017 2018-SA-EP-MIKES-Maeder-Cyber Security Integration Engine.pdf - Supplemental Material

Download (1MB) | Preview

Abstract

Every company that is working with confidential data needs to fulfill certain regulations. Especially in the financial sector these requirements are crucial to a company's success. For small businesses this can become a severe problem. To help those small companies to fulfill these requirements we want to provide a prototype of an extensible software that will take care of such tasks.

The goal is to get a zero-configuration security box that is easily extensible and able to scale. It should collect necessary data and be able to determine a baseline on what is normal behavior on a client's network. To get started we want to be able to keep a list of machines communicating on the network.

We will split the topic into three separate concerns. For the communication between the subsystems we will use a messaging system. Every information exchange goes through this system using messages. The probes are responsible for collecting potentially interesting information about its environment. This could be network metadata or other kinds of information. The probe then publishes the gathered information into the messaging system. Agents subscribe to messages they are capable of analyzing. Based on these messages they investigate and publish their acquired information back to the messaging system, so any other agent can reuse this information.

In our lab environment we were able to collect and pass network activity data between multiple participants within our framework. We implemented a network probe and an agent that could detect an unknown device based on its mac address. We implemented this using two different messaging systems and compared these two in terms of implementation complexity and message throughput performance.

We found that one messaging system is over 10 times faster than the other and had much better tooling.

Item Type: Thesis (Student Research Project)
Subjects: Area of Application > Banking & Finance
Area of Application > Security
Technologies > Programming Languages > Java
Technologies > Databases > PostgreSQL
Technologies > Protocols > XMPP
Divisions: Bachelor of Science FHO in Informatik > Student Research Project
Depositing User: HSR Deposit User
Contributors:
Contribution
Name
Email
Thesis advisor
Steffen, Andreas
UNSPECIFIED
Date Deposited: 10 Apr 2018 09:15
Last Modified: 10 Apr 2018 09:15
URI: https://eprints.ost.ch/id/eprint/621

Actions (login required)

View Item
View Item