Show simple item record

dc.contributor.authorBian, Haibo 16:34:02 (GMT) 16:34:02 (GMT)
dc.description.abstractRecently, network infiltrations due to advanced persistent threats (APTs) have grown significantly, resulting in considerable loses to businesses and organizations. APTs are stealthy attacks with the primary objective of gaining unauthorized access to network assets. They often remain dormant for an extended period of time, which makes their detection challenging. In this thesis, we leverage machine learning (ML) to detect hosts in a network that are a target of an APT attack. We evaluate a number of ML classifiers to detect susceptible hosts in the Los Alamos National Lab (LANL) dataset. We (i) leverage graph-based features extracted from multiple data sources i.e., network flows and host authentication logs, (ii) use feature engineering to reduce dimensionality, (iii) explore balancing the training dataset using numerous over- and under-sampling techniques, (iv) compare our model to the state-of-the-art approaches that leverage the same dataset, and show that our model outperforms them with respect to prediction performance and overhead, and (v) perturb the attack patterns of LMs, study the influence of change in attack frequency and scale on classification performance, and propose a solution for such adversarial behavior.en
dc.publisherUniversity of Waterlooen
dc.titleDetecting Network Intrusions from Authentication Logsen
dc.typeMaster Thesisen
dc.pendingfalse R. Cheriton School of Computer Scienceen Scienceen of Waterlooen
uws-etd.degreeMaster of Mathematicsen
uws.contributor.advisorBoutaba, Raouf
uws.contributor.affiliation1Faculty of Mathematicsen

Files in this item


This item appears in the following Collection(s)

Show simple item record


University of Waterloo Library
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4883

All items in UWSpace are protected by copyright, with all rights reserved.

DSpace software

Service outages