Autor(es): Sequeira, Tiago Manuel Simões
Data: 2011
Identificador Persistente: http://hdl.handle.net/10451/13912
Origem: Repositório da Universidade de Lisboa
Assunto(s): Security; Worm/Bot; Monitoring; Honeypot/Honeynet
Autor(es): Sequeira, Tiago Manuel Simões
Data: 2011
Identificador Persistente: http://hdl.handle.net/10451/13912
Origem: Repositório da Universidade de Lisboa
Assunto(s): Security; Worm/Bot; Monitoring; Honeypot/Honeynet
This project is an attempt to correct a potentially dangerous security gap in large enterprise networks, in this context a solution is presented, the WMS, which allows automatic capture of alleged malicious traffic that originates on the corporate network, including mechanisms of back-end, as the mwmonitor prototype, which automatically handles the important task of identifying and dynamic analyzing of internally malware spread like worms and bots that may be involved in captured traffic by the strategically distributed probes on the corporate network. In a business environment are required to have non-intrusive solutions, as well as lightweight solutions, efficient, easy integration and above all productive, and there was particular concern in the design and construction a decentralized architecture for the WMS well as the choice of constituent technologies. As a result, after the creation of security metrics, the system also allows the monitoring (WMSi) protection status of a large corporate network with regard to the occurrence of internal propagation of malware. To validate the implemented solution as well as other applications of the solution was performed in a final phase, an experimental evaluation in which they extract some interesting statistical results and information about attack trends.