Detection of Malicious Behavior in Sysmon Audit Events – Bc. Roman Chrenšť
Bc. Roman Chrenšť
Master's thesis
Detection of Malicious Behavior in Sysmon Audit Events
Abstract:
The aim of this thesis is to analyze methods of detecting malicious behavior in the event logs of the Sysmon tool and to implement a prototype tool that makes it possible to apply these methods to historical data in an SQL database. We analyze the events created by the Sysmon tool on the Windows and Linux operating systems. Using MITRE ATT&CK, we then determine which commonly used tactics, techniques, and procedures can …
Abstract:
This thesis aims to analyze methods of detecting malicious behavior in Sysmon event logs and implement a prototype tool that can apply the methods to historical data in an SQL database. We analyze the events produced by the Sysmon tool on Windows and Linux OS. Then we use the MITRE ATT&CK to find which commonly used tactics, techniques, and procedures can be detected using Sysmon event logs. We …
Language used: English
Date on which the thesis was submitted / produced: 17. 5. 2022
Identifier: https://is.muni.cz/th/alzri/
Thesis defence
- Date of defence: 24. 6. 2022
- Supervisor: RNDr. Daniel Tovarňák, Ph.D.
- Reader: RNDr. Stanislav Špaček
Published in Theses: world (publicly accessible)
Institution archiving the thesis and making it accessible: Masaryk University, Faculty of Informatics
Master programme / field: Computer systems, communication and security / Information security