| dc.contributor.advisor | Erik Hemberg and Una-May O'Reilly. | en_US |
| dc.contributor.author | Shlapentokh-Rothman, Michal(Michal M.) | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2020-09-15T22:02:06Z | |
| dc.date.available | 2020-09-15T22:02:06Z | |
| dc.date.copyright | 2020 | en_US |
| dc.date.issued | 2020 | en_US |
| dc.identifier.uri | https://hdl.handle.net/1721.1/127524 | |
| dc.description | Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, May, 2020 | en_US |
| dc.description | Cataloged from the official PDF of thesis. | en_US |
| dc.description | Includes bibliographical references (pages 61-63). | en_US |
| dc.description.abstract | A common cyber security method is to continuously monitor data flowing into a network. However, the large amount of data that is produced from this approach is quite overwhelming because cyber analysts are unable to review the data in a timely matter. Because of this issue, current security guidelines recommend that organizations pro-actively secure their systems from cyber attacks.There is a large amount of public threat data available for organizations to use as part of their proactive approaches. Despite the amount of data, there is no consistent collection of such threat data. There also has been little analysis of the public threat data to see how comprehensive it is. Accurate public threat data combined with a security practice such as sensor placement can create a strong active security system. We present two systems, BRON, a tool for unifying public threat knowledge, and CHUCK (Cyber Hunting Using Public Knowledge), a utility that determines ideal sensor placement using BRON. BRON is a relational schema that provides easy access to different levels of threat data as well as an analysis of the existing data. CHUCK is a system that incorporates BRON with co-evolutionary algorithms to identify locations for sensor placement. In this thesis, we first demonstrate how BRON can both aid in finding specific threats for a given network and evaluate the quality of threat data. Then we show how CHUCK, which uses BRON, can identify ideal locations in a network for sensor placement. | en_US |
| dc.description.statementofresponsibility | by Michal Shlapentokh-Rothman. | en_US |
| dc.format.extent | 63 pages | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | MIT theses may be protected by copyright. Please reuse MIT thesis content according to the MIT Libraries Permissions Policy, which is available through the URL provided. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | Unifying public threat knowledge for cyber hunting | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | M. Eng. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.identifier.oclc | 1193029994 | en_US |
| dc.description.collection | M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science | en_US |
| dspace.imported | 2020-09-15T22:02:05Z | en_US |
| mit.thesis.degree | Master | en_US |
| mit.thesis.department | EECS | en_US |
