Security monitoring tool system using threat intelligence vs threat hunting
This project is about developing a Security Monitoring Tool System using the Graylog
SIEM (Security Information and Event Management) in combination with Threat
Intelligence, with Threat Hunting results as the expected outcome. It is built in
accordance with a specific ruleset created for threat hunting purposes, with
automated collection of logs from Windows endpoint hosts and network activity. Datasets for
Threat Intelligence enrichment will be integrated into the provided platform, which is
Graylog. The main objective is to enable a Security Analyst or Network Analyst to
look at any suspicious attacker behavior and act on it in a timely manner.
Most organizations normally ingest network and endpoint logs into SIEM tools
and integrate them with commercial tools to detect or trigger on anomalies and directly
send notifications via email or a third-party channel such as a Slack channel. Bear in mind
that these commercial tools are highly expensive and not really cost-effective; however,
this development will definitely help organizations deploy the same approach on a very
limited budget, or possibly at zero cost for small and medium enterprises, while for a big
enterprise it will only cost $1500 at a fixed price, which is considered cheaper than the
other tools. There are many developments out there that use a well-known open-source IDS like Suricata and an open-source SIEM like the Elastic Stack,
comprising Elasticsearch, Kibana and Logstash. In this development, however,
Graylog is used, with Elasticsearch and MongoDB as the database servers
to store, search and analyze the huge volumes of data ingested. Generally, Graylog
is introduced as a powerful logging tool with a simple, user-friendly interface, visualized
with Grafana, that requires minimal effort to configure and very low
maintenance. Because of that, creating a ruleset for Threat Hunting and Threat Intelligence
enrichment is much easier to configure and more straightforward compared with
other competitors in the market. (Abstract by author)
Challenges and Barriers of Using Low Code Software for Machine Learning
As big data grows ubiquitous across many domains, more and more stakeholders
seek to develop Machine Learning (ML) applications on their data. The success
of an ML application usually depends on the close collaboration of ML experts
and domain experts. However, the shortage of ML engineers remains a fundamental
problem. Low-code Machine learning tools/platforms (aka, AutoML) aim to
democratize ML development to domain experts by automating many repetitive
tasks in the ML pipeline. This research presents an empirical study of around
14k posts (questions + accepted answers) from Stack Overflow (SO) that
contained AutoML-related discussions. We examine how these topics are spread
across the various Machine Learning Life Cycle (MLLC) phases and their
popularity and difficulty. This study offers several interesting findings.
First, we find 13 AutoML topics that we group into four categories. The MLOps
topic category (43% questions) is the largest, followed by Model (28%
questions), Data (27% questions), Documentation (2% questions). Second, most
questions are asked during Model training (29%) (i.e., implementation phase)
and Data preparation (25%) MLLC phase. Third, AutoML practitioners find the
MLOps topic category most challenging, especially topics related to model
deployment & monitoring and Automated ML pipeline. These findings have
implications for all three AutoML stakeholders: AutoML researchers, AutoML
service vendors, and AutoML developers. Academia and Industry collaboration can
improve different aspects of AutoML, such as better DevOps/deployment support
and tutorial-based documentation.
Ransomware Simulator for In-Depth Analysis and Detection: Leveraging Centralized Logging and Sysmon for Improved Cybersecurity
Abstract
Ransomware attacks have become increasingly prevalent and sophisticated, posing significant threats to organizations and individuals worldwide. To effectively combat these threats,
security professionals must continuously develop and adapt their detection and mitigation
strategies. This master thesis presents the design and implementation of a ransomware simulator to facilitate an in-depth analysis of ransomware Tactics, Techniques, and Procedures
(TTPs) and to evaluate the effectiveness of centralized logging and Sysmon, including the
latest event types, in detecting and responding to such attacks.
The study explores the advanced capabilities of Sysmon as a logging tool and data source,
focusing on its ability to capture multiple event types, such as file creation, process execution,
and network traffic, as well as the newly added event types. The aim is to demonstrate the
effectiveness of Sysmon in detecting and analyzing malicious activities, with an emphasis on
the latest features. By focusing on the comprehensive aspects of a cyber-attack, the study
showcases the versatility and utility of Sysmon in detecting and addressing various attack
vectors.
The ransomware simulator is developed using a PowerShell script that emulates various
ransomware TTPs and attack scenarios, providing a comprehensive and realistic simulation
of a ransomware attack. Sysmon, a powerful system monitoring tool, is utilized to monitor
and log the activities associated with the simulated attack, including the events generated by
the new Sysmon features. Centralized logging is achieved through the integration of Splunk
Enterprise, a widely used platform for log analysis and management. The collected logs are
then analyzed to identify patterns, indicators of compromise (IoCs), and potential detection
and mitigation strategies.
Through the development of the ransomware simulator and the subsequent analysis of
Sysmon logs, this research contributes to strengthening the security posture of organizations
and improving cybersecurity measures against ransomware threats, with a focus on the latest
Sysmon capabilities. The results demonstrate the importance of monitoring and analyzing
system events to effectively detect and respond to ransomware attacks. This research can serve
as a basis for further exploration of ransomware detection and response strategies, contributing
to the advancement of cybersecurity practices and the development of more robust security
measures against ransomware threats.
Applying Machine Learning to Root Cause Analysis in Agile CI/CD Software Testing Environments
This thesis evaluates machine learning classification and clustering algorithms with the aim of automating the root cause analysis of failed tests in agile software testing environments. The inefficiency of manually categorizing the root causes in terms of time and human resources motivates this work. The development and testing environments of an agile team at Ericsson Finland are used as this work's framework.
The author of the thesis extracts relevant features from the raw log data after interviewing the team's testing engineers (human experts).
The author puts his initial efforts into clustering the unlabeled data, and despite obtaining qualitative correlations between several clusters and failure root causes, the vagueness in the rest of the clusters leads to the consideration of labeling.
The author then carries out a new round of interviews with the testing engineers, which leads to the conceptualization of ground-truth categories for the test failures. With these, the human experts label the dataset accordingly.
A collection of artificial neural networks that either classify the data or pre-process it for clustering is then optimized by the author.
The best solution comes in the form of a classification multilayer perceptron that correctly assigns the failure category to new examples, on average, 88.9% of the time.
The primary outcome of this thesis comes in the form of a methodology for the extraction of expert knowledge and its adaptation to machine learning techniques for test failure root cause analysis using test log data.
The proposed methodology constitutes a prototype or baseline approach towards achieving this objective in a corporate environment.
Database Workload Management (Dagstuhl Seminar 12282)
This report documents the program and the outcomes of Dagstuhl Seminar 12282 "Database Workload Management". Dagstuhl Seminar 12282 was designed to
provide a venue where researchers can engage in dialogue with industrial
participants for an in-depth exploration of challenging industrial
workloads, where industrial participants can challenge researchers to
apply the lessons learned from their large-scale experiments to multiple
real systems, and that would facilitate the release of real workloads that can be used to drive future research, together with concrete measures to evaluate and compare workload management techniques in the context of these workloads.