Unifying public threat knowledge for cyber hunting
Author(s)
Shlapentokh-Rothman, Michal (Michal M.)
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Erik Hemberg and Una-May O'Reilly.
Abstract
A common cyber security method is to continuously monitor data flowing into a network. However, the large amount of data that is produced from this approach is quite overwhelming because cyber analysts are unable to review the data in a timely manner. Because of this issue, current security guidelines recommend that organizations proactively secure their systems from cyber attacks. There is a large amount of public threat data available for organizations to use as part of their proactive approaches. Despite the amount of data, there is no consistent collection of such threat data. There also has been little analysis of the public threat data to see how comprehensive it is. Accurate public threat data combined with a security practice such as sensor placement can create a strong active security system. We present two systems, BRON, a tool for unifying public threat knowledge, and CHUCK (Cyber Hunting Using Public Knowledge), a utility that determines ideal sensor placement using BRON. BRON is a relational schema that provides easy access to different levels of threat data as well as an analysis of the existing data. CHUCK is a system that incorporates BRON with co-evolutionary algorithms to identify locations for sensor placement. In this thesis, we first demonstrate how BRON can both aid in finding specific threats for a given network and evaluate the quality of threat data. Then we show how CHUCK, which uses BRON, can identify ideal locations in a network for sensor placement.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, May, 2020. Cataloged from the official PDF of thesis. Includes bibliographical references (pages 61-63).
Date issued
2020
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.