Automatic modeling of cyber intrusions using the diamond model utilizing security logs and events

Author

Mahmoud Al-Maani

Date Approved

2024

Degree Type

Open Access Thesis

Degree Name

Master of Science (MS)

Department or School

Information Security and Applied Computing

Committee Member

Mohammed Alsaleh, PhD

Committee Member

Munther Abualkibash, PhD

Committee Member

Ourania Spantidi, PhD

Abstract

Current intrusion analysis models suffer from unreliability and inaccuracy due to their reliance on outdated and inadequate data sources. Numerous models focus on a particular type of data, leading to potential modeling faults in intrusion analysis models' recommendations. The objective of this thesis is to build a modernized model by integrating the diamond model with security information and event management systems. This thesis presents a detailed cyber intrusion analysis model; in which Elasticsearch is being used to collect and analyze logs about cyber attacks and extract major indicators of compromise then finally map them to the diamond model. The results demonstrate that integrating Elasticsearch with the diamond model would export an effective cyber intrusion analysis model. Overall, our findings suggest that the integration of the diamond model and Elasticsearch has the potential to become an important intrusion analysis model and warrant further research and development in this area.

Recommended Citation

Al-Maani, Mahmoud, "Automatic modeling of cyber intrusions using the diamond model utilizing security logs and events" (2024). Master's Theses and Doctoral Dissertations. 1259.
https://commons.emich.edu/theses/1259