Defense Committee: Maickel Josué Trinks

A MASTER'S DEFENSE committee has been registered by the program.
STUDENT : Maickel Josué Trinks
DATE: 22/06/2023
TIME: 09:00
LOCAL: https://teams.microsoft.com/l/meetup-join/19%3a0a9998084fcc459f92b72fb6608767f7%40thread.tacv2/16865
TITLE:

Multi-agent Architecture for Passive Rootkit Detection with Data Enrichment


KEY WORDS:

Rootkit Detection, Data Enrichment, Threat Intelligence, Cybersecurity.


PAGES: 76
MAJOR AREA: Engineering
AREA: Electrical Engineering
SUMMARY:

The added value of the information transmitted in a cybernetic environment has resulted in a scenario of sophisticated malicious actions aimed at data exfiltration, and, in today's advanced and dynamic cyber threat environment, organizations need to develop new methods to address their cyber defenses. In situations with unconventional malicious actors, like APTs, techniques for obfuscating harmful activity are used to maintain a presence on strategic targets, avoiding detection by known defense systems and forwarding data of interest to external elements with as little noise as possible. The MADEX and NERD architectures proposed flow analysis solutions to detect rootkits that hide network traffic; however, they present some operational cost, either in traffic volume or due to lack of aggregated information. In that regard, this work changes and improves user flow analysis techniques to eliminate impacts on network traffic, with data enrichment on local and remote bases, detection of domains consulted by rootkits and aggregation of information to generate threat intelligence, while maintaining high performance and allowing concomitant use with previously existing cyber defense systems. The results show the possibility of aggregating information to data flows used by rootkits in order to have effective cyber defense actions against cybernetic threats without major impacts on the existing network infrastructure.


COMMITTEE MEMBERS:
External to the Institution - DINO MACEDO AMARAL - UCBB
Internal - 2556078 - GEORGES DANIEL AMVAME NZE
Chair - 1141309 - JOAO JOSE COSTA GONDIM
Internal - 2363646 - RAFAEL RABELO NUNES
Notice registered on: 12/06/2023 12:27