Method of finding the minimum number of sources of indicators of compromise to cover the maximum set
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2023 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Background. With the increasing demand for cybersecurity, there is a growing interest in understanding cyber-attack surfaces and vectors. Security Operation Centers (SOCs) play a crucial role in defensive cybersecurity, and Security Information and Event Management (SIEM) systems are used to monitor and analyze the security status of computer systems. However, SIEM systems face challenges such as data overload and the need for effective data selection.

Objectives. This research aims to develop a method for reducing the number of sets of Indicators of Compromise (IOCs) processed by SIEM systems while maintaining maximum coverage. The objectives include conducting a literature review on IOCs processing and data reduction, preparing data from the Open Threat Exchange (OTX) platform, developing a method for minimizing IOCs sets, and evaluating the effectiveness of the proposed solution.

Methods. The evaluation of the methods is performed numerically using a Fuzzy Table. The research also involves developing a mathematical model that describes the relationships between different types of IOCs and the possibility of various representations for the same object. The model takes into account weight assignment to each indicator. Software implementation is carried out. The effectiveness of the developed method is evaluated using metrics such as the coverage of the initial set of IOCs and the data reduction rate.

Results. Unfortunately, none of the methods fully met all the criteria. Fuzzy logic was selected as the decision-making approach. A mathematical data model was developed to represent IOCs and associated pulses as sets. Dependencies were described to filter out duplicate indicators. Implementation was done using the Python programming language. Three algorithms were implemented: Set cover problem, Weighted coverage maximization, and Budget cover problem. Tests were conducted on the entire data set and subsets to analyze performance. The number of IOCs decreased from 4115 to 3341, representing a reduction of 25.5% to 93% according to the Total data reduction metric.

Conclusions. Overall, the developed method reduced information and minimized indicator sources, offering a valuable approach for reducing data in IOC processing.

Place, publisher, year, edition, pages
2023, p. 59
Keywords [en]
Indicator of Compromise, Set Cover Problem, Maximum Coverage, Open Threat Exchange
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-24947
OAI: oai:DiVA.org:bth-24947
DiVA, id: diva2:1773759
Subject / course
DV2572 Master's Thesis in Computer Science
Educational program
DVACX Master of Science Programme in Computer Science
Presentation
2023-05-26, 16:15 (English)
Available from: 2023-06-27. Created: 2023-06-22. Last updated: 2023-06-27. Bibliographically approved.

Open Access in DiVA

Method of finding the minimum number of sources of indicators of compromise to cover the maximum set (1622 kB), 100 downloads
File information
File name: FULLTEXT02.pdf
File size: 1622 kB
Checksum SHA-512: ac07ed14b2461cab583f8e2415456f530c78fee1916aa73473772306664ed36e2f841e5b6d9f003bc1f15ef63d7417f0ab1e9ed81dd99c7e6f6b2faf4c45a1e0
Type: fulltext
Mimetype: application/pdf

Author/editor
Sydorenko, Kateryna
Organisation
Department of Computer Science
Computer Sciences
