Project Mapyen

A network analysis tool to identify anomalous host behaviours


Abstract

The evolution of the cyber threat landscape drives companies towards state-of-the-art security monitoring techniques. Adyen, a payment service provider, has both legal and moral obligations to perform security monitoring within the company in order to remain an ethical and sustainable business. The challenge is to find a well-founded solution for detecting incidents in real time using lightweight network traffic metadata. This research identifies an optimal clustering solution for performing anomaly detection on the logged network metadata and enhances the analysis with a probability-based network profile for each individual host. The proof of concept implemented for this research is called Mapyen, and it is validated against three different attack scenarios: port scans, malware infection simulations, and data exfiltration. Despite the low precision and recall scores of the initial Mapyen system, it shows great potential for future security research and development.