
dc.contributor.advisor: Awan, Irfan U.
dc.contributor.author: Al-Mohannadi, Hamad
dc.date.accessioned: 2021-12-08T15:36:35Z
dc.date.available: 2021-12-08T15:36:35Z
dc.date.issued: 2019
dc.identifier.uri: http://hdl.handle.net/10454/18672
dc.description.abstract (en_US): Cyber-attacks have become an increasing threat to organisations as well as the wider public. This has led to greatly negative impacts on the economy at large and on the everyday lives of people. Every successful cyber attack on targeted devices and networks highlights the weaknesses within the defense mechanisms responsible for securing them. Gaining a thorough understanding of cyber threats beforehand is therefore essential to prevent potential attacks in the future. Numerous efforts have been made to avoid cyber-attacks and protect the valuable assets of an organisation. However, the most recent cyber-attacks have exhibited the profound levels of sophistication and intelligence of the attacker, and have shown conventional attack detection mechanisms to fail in several attack situations. Several researchers have highlighted this issue previously, along with the challenges faced by alternative solutions. There is clearly an unprecedented need for a solution that takes a proactive approach to understanding potential cyber threats in real-time situations. This thesis proposes a progressive and multi-aspect solution comprising cyber-attack modeling for the purpose of cyber threat intelligence. The proposed model emphasises approaches from organisations to understand and predict future cyber-attacks by collecting and analysing network events to identify attacker activity. This could then be used to understand the nature of an attack to build a threat intelligence framework. However, collecting and analysing live data from a production system can be challenging and even dangerous as it may lead the system to be more vulnerable. The solution detailed in this thesis deployed cloud-based honeypot technology, which is well-known for mimicking the real system while collecting actual data, to see network activity and help avoid potential attacks in near real-time.
In this thesis, we have suggested a new threat intelligence technique by analysing attack data collected using cloud-based web services in order to identify attack artefacts and support active threat intelligence. This model was evaluated through experiments specifically designed using elastic stack technologies. The experiments were designed to assess the identification and prediction capability of the threat intelligence system for several different attack cases. The proposed cyber threat intelligence and modeling systems showed significant potential to detect future cyber-attacks in real-time.
dc.description.sponsorship (en_US): Government of Qatar
dc.language.iso (en_US): en
dc.rights (eng): The University of Bradford theses are licenced under a Creative Commons Licence (http://creativecommons.org/licenses/by-nc-nd/3.0/).
dc.subject (en_US): Cyber-attack
dc.subject (en_US): Cyber-attack modelling
dc.subject (en_US): Cyber threat intelligence
dc.subject (en_US): Elasticsearch
dc.subject (en_US): Honeypots
dc.subject (en_US): Cloud services
dc.subject (en_US): Attack awareness
dc.subject (en_US): Object-based model
dc.title (en_US): Cyber Attack Modelling using Threat Intelligence. An investigation into the use of threat intelligence to model cyber-attacks based on elasticsearch and honeypot data analysis
dc.type.qualificationlevel (en_US): doctoral
dc.publisher.institution (eng): University of Bradford
dc.publisher.department (en_US): School of Electrical Engineering and Computer Science
dc.type (eng): Thesis
dc.type.qualificationname (en_US): PhD
dc.date.awarded: 2019
refterms.dateFOA: 2021-12-08T15:36:35Z


Item file(s)

Name: HAMAD thesis FINAL.pdf
Size: 3.073Mb
Format: PDF
Description: PhD Thesis
