National Repository of Grey Literature: 5 records found
Integration of advanced artificial intelligence methods with log management security systems
Sedláček, Jiří ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Cyber security is a very important aspect of everyone’s daily life. With the ever-expanding cyberspace and its growing influence on the real world, the issue of cyber security is all the more important. The theoretical part of the thesis describes the basic aspects of security monitoring. The process of collecting event logs and managing them is also briefly described. An important means of security monitoring is security information and event management; its advantages, disadvantages and possible improvements with artificial intelligence are discussed. Security orchestration, automation and response functions are also mentioned in the theoretical part, as are machine learning techniques such as neural networks and deep learning. This section also focuses on cyber operations centres in terms of improving the efficiency of human “manual” labour. A survey of possible machine learning techniques for this use case has been conducted, as the lack of human resources is a critical issue within security operations centres. The practical part of the thesis sets out a goal (text sequence classification) that could make the work of manually categorizing event logs according to their source considerably easier. For this task, security monitoring related data was collected from different log sources. The practical part also describes in detail the methods used to process this data. Subsequently, a suitable neural network model was selected and its technical description was given. Finally, the final data processing and the process of training, validating and testing the model are described. Three scenarios were developed for this process, which are then described in detail in the measurement results.
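The task the abstract sets, labelling raw event-log lines by their source from the text alone, can be shown end to end with a small model. The following is an added example, not code or data from the thesis: a multinomial naive Bayes classifier over word tokens stands in for the neural text-sequence model the thesis selected, and every log line (sshd, Apache access log, Windows Security events) is constructed for illustration.

```python
"""Classify raw event-log lines by their source type from the text alone.

Added example, not code from the thesis: a multinomial naive Bayes model over
word tokens stands in for the neural text-sequence classifier the abstract
describes. All log lines below are constructed for illustration.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed, labelled training lines (not data from the thesis).
TRAINING = [
    ("sshd", "Mar  3 10:12:01 host1 sshd[2231]: Failed password for root from 198.51.100.7 port 51022 ssh2"),
    ("sshd", "Mar  3 10:12:05 host1 sshd[2231]: Accepted publickey for alice from 192.0.2.10 port 50112 ssh2"),
    ("sshd", "Mar  3 10:13:44 host2 sshd[2240]: Connection closed by 198.51.100.7 port 51023 [preauth]"),
    ("apache", '192.0.2.44 - - [03/Mar/2024:10:12:02 +0000] "GET /index.html HTTP/1.1" 200 5120'),
    ("apache", '203.0.113.9 - - [03/Mar/2024:10:12:09 +0000] "POST /login HTTP/1.1" 302 0'),
    ("apache", '192.0.2.45 - - [03/Mar/2024:10:14:30 +0000] "GET /admin HTTP/1.1" 403 199'),
    ("winsec", "EventID=4625 Channel=Security An account failed to log on. Account Name: bob Logon Type: 3"),
    ("winsec", "EventID=4624 Channel=Security An account was successfully logged on. Account Name: alice Logon Type: 2"),
    ("winsec", "EventID=4720 Channel=Security A user account was created. Account Name: svc_backup"),
]

# Constructed held-out lines the model has never seen, with their true source.
HELD_OUT = [
    ("sshd", "Mar  3 11:02:17 host3 sshd[3012]: Invalid user admin from 203.0.113.55 port 40210"),
    ("apache", '198.51.100.23 - - [03/Mar/2024:11:05:01 +0000] "GET /wp-login.php HTTP/1.1" 404 162'),
    ("winsec", "EventID=4740 Channel=Security A user account was locked out. Account Name: carol"),
]

WORD_RE = re.compile(r"[a-z_]+")


def tokenize(line):
    """Lowercase word tokens only: IPs, ports, PIDs and timestamps are dropped so
    the classifier keys on each source's vocabulary rather than volatile numbers."""
    return WORD_RE.findall(line.lower())


class NaiveBayesLogClassifier:
    """Multinomial naive Bayes with Laplace smoothing over tokenize() output."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                        # smoothing weight for unseen tokens
        self.class_counts = Counter()             # label -> number of training lines
        self.token_counts = defaultdict(Counter)  # label -> token -> count
        self.vocab = set()

    def fit(self, samples):
        for label, line in samples:
            tokens = tokenize(line)
            self.class_counts[label] += 1
            self.token_counts[label].update(tokens)
            self.vocab.update(tokens)
        return self

    def log_scores(self, line):
        """Log posterior (up to a constant) for every label."""
        total_lines = sum(self.class_counts.values())
        tokens = tokenize(line)
        scores = {}
        for label, n_lines in self.class_counts.items():
            denom = sum(self.token_counts[label].values()) + self.alpha * len(self.vocab)
            score = math.log(n_lines / total_lines)
            for tok in tokens:
                score += math.log((self.token_counts[label][tok] + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict(self, line):
        scores = self.log_scores(line)
        return max(scores, key=scores.get)


def train_default():
    """Train on the constructed TRAINING set."""
    return NaiveBayesLogClassifier().fit(TRAINING)


def evaluate(model, samples):
    """Return (predictions, accuracy) for a list of (label, line) samples."""
    predictions = [model.predict(line) for _, line in samples]
    correct = sum(p == label for p, (label, _) in zip(predictions, samples))
    return predictions, correct / len(samples)


if __name__ == "__main__":
    preds, acc = evaluate(train_default(), HELD_OUT)
    for (label, line), pred in zip(HELD_OUT, preds):
        print(f"{label:>7} -> {pred:<7} {line[:60]}")
    print(f"accuracy={acc:.2f}")
```

Dropping numeric tokens is the one design choice worth noting: with them kept, the placeholder for "a number" becomes the most frequent token in every class and the scores of the sshd and Apache classes end up within a few nats of each other, whereas the word vocabulary of each source separates them cleanly even on three training lines per class.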
Process Mining as a Service
Dobias, Ondrej ; Fuksa, Karel, MBA (referee) ; Luhan, Jan (advisor)
Softwérové a hardvérové aplikácie zaznamenávajú veľké množstvo informácií do protokolov udalostí. Každé dva roky sa množstvo zaznamenaných dát viac než zdvojnásobí. Dolovanie procesov je relatívne mladá disciplína, ktorá sa nachádza na rozmedzí strojového učenia a dolovania dát na jednej strane a modelovania a analýzy procesov na druhej strane. Cieľom dolovania procesov je popísať a analyzovať skutočné procesy extrahovaním znalostí z protokolov udalostí, ktoré sú v dnešných aplikáciách bežne dostupné. Táto práca mieri na spojenie obchodných príležitostí (organizácie bohaté na dáta; dopyt po službách BPM; limitácie na strane tradičnej dodávky BPM služieb) s technickými možnosťammi Dolovania procesov. Cieľom práce je návrh produktu, ktorý bude riešiť potreby zákazníkov a poskytovateľov služieb v oblasti Dolovania procesov lepšie než súčasné riešenie vybranej spoločnosti.
Tool for mapping computer infrastructure assets and designing SIEM correlation rules for security monitoring
Hrabálek, Matěj ; Caha, Tomáš (referee) ; Safonov, Yehor (advisor)
With the growing popularity of the SOC service, which often uses SIEM tools, new challenges arise regarding the implementation of these tools into individual infrastructures that can face cyber attacks. SIEM tools can detect cyber attacks only if they are configured correctly, i.e. they collect the right logs. This bachelor’s thesis facilitates the process of implementing a SIEM into an internal infrastructure. It discusses the appropriate categorization of log sources and correlation rules and the naming of correlation rules, and proposes a system for mapping log sources to relevant correlation rules, which facilitates the implementation of SIEM into the infrastructure. All of this knowledge is then implemented in a web application, which is the practical output of this bachelor’s thesis. The web application allows a user who is going to implement a SIEM service in their own infrastructure to enter data about the infrastructure, especially the log sources that can be generated in it, and offers suitable correlation rules, including their naming, for the respective log sources. In addition to logs, SIEM technology and correlation rules, the theoretical part also covers general knowledge of cyber security and describes the Security Operations Center.
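The core of the mapping the abstract describes, from an inventory of available log sources to the correlation rules that can actually be enabled, is a set-coverage computation, and the useful output for an implementer is not only the list of rules that work but also which rules are one log source short and which source to onboard next. The following is an added example, not code from the thesis or its web application: the source categories, the rule catalogue and the naming convention are assumptions made for illustration.

```python
"""Map an infrastructure's available log sources onto a SIEM correlation-rule
catalogue and report which rules can be enabled.

Added example, not code from the thesis or its web application. The source
categories, the rule catalogue and the naming convention below are assumptions
made for illustration.
"""
from collections import Counter

# Hypothetical rule catalogue (assumption): each rule lists the log-source
# categories whose events it correlates, plus the fields used to build its name.
RULE_CATALOGUE = {
    "R001": {"title": "SSH brute force", "tactic": "credential_access", "sources": {"linux_auth"}},
    "R002": {"title": "Windows account lockout burst", "tactic": "credential_access", "sources": {"windows_security"}},
    "R003": {"title": "VPN login after brute force", "tactic": "initial_access", "sources": {"linux_auth", "vpn"}},
    "R004": {"title": "Lateral movement via SMB", "tactic": "lateral_movement", "sources": {"windows_security", "firewall"}},
    "R005": {"title": "Web shell upload", "tactic": "persistence", "sources": {"web_server", "edr"}},
    "R006": {"title": "Outbound beaconing", "tactic": "command_and_control", "sources": {"proxy", "firewall", "dns"}},
}


def rule_name(rule_id, rule):
    """Deterministic rule name: <TACTIC>-<source+source>-<title_slug>-<id>.
    This scheme is an assumption for the example, not the thesis's convention."""
    slug = rule["title"].lower().replace(" ", "_")
    sources = "+".join(sorted(rule["sources"]))
    return f"{rule['tactic'].upper()}-{sources}-{slug}-{rule_id}"


def plan_rules(available_sources, catalogue=RULE_CATALOGUE):
    """Split the catalogue into rules that are ready (all sources present, with
    their generated names), partially covered (some sources missing, listed)
    and blocked (none of the required sources is collected)."""
    available = set(available_sources)
    ready, partial, blocked = {}, {}, []
    for rule_id, rule in catalogue.items():
        missing = rule["sources"] - available
        if not missing:
            ready[rule_id] = rule_name(rule_id, rule)
        elif missing != rule["sources"]:
            partial[rule_id] = sorted(missing)
        else:
            blocked.append(rule_id)
    return {"ready": ready, "partial": partial, "blocked": sorted(blocked)}


def next_source_to_onboard(available_sources, catalogue=RULE_CATALOGUE):
    """Return the single missing log source that would complete the most rules
    that are exactly one source short (ties broken alphabetically), or None."""
    available = set(available_sources)
    completes = Counter()
    for rule in catalogue.values():
        missing = rule["sources"] - available
        if len(missing) == 1:
            completes[next(iter(missing))] += 1
    if not completes:
        return None
    return min(completes, key=lambda src: (-completes[src], src))


if __name__ == "__main__":
    inventory = {"linux_auth", "windows_security", "firewall"}  # constructed inventory
    plan = plan_rules(inventory)
    for rule_id, name in plan["ready"].items():
        print(f"READY   {rule_id}  {name}")
    for rule_id, missing in plan["partial"].items():
        print(f"PARTIAL {rule_id}  missing: {', '.join(missing)}")
    for rule_id in plan["blocked"]:
        print(f"BLOCKED {rule_id}")
    print("next source to onboard:", next_source_to_onboard(inventory))
```

Keeping the partially covered rules separate from the blocked ones matters in practice: a rule whose sources are all absent is not a SIEM configuration problem but a logging-coverage gap, while a rule that is one source short is the cheapest detection to unlock, which is what `next_source_to_onboard` ranks.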