e-ISSN:0976-5166
p-ISSN:2231-3850


INDIAN JOURNAL OF COMPUTER SCIENCE AND ENGINEERING


ABSTRACT

Title : Automated Threat Hunting Using ELK Stack – A Case Study
Authors : MOZA AL SHIBANI, E ANUPRIYA
Keywords : -
Issue Date : Oct-Nov 2019
Abstract :
Modern threats are highly sophisticated and routinely bypass conventional security tools, so static threat hunting methods are of little use. The alternative is to hunt dynamically, analysing how a threat enters the network and how it behaves once inside. The two popular approaches are machine-intelligence hunting software and endpoint activity monitoring. Endpoint activity can be obtained from the system event log using Sysmon. The event logs are filtered on the endpoint to eliminate normal day-to-day activity, and only the suspicious events are forwarded to a server running the ELK stack. The server analyses process creation, parent processes and their behaviour, and a server-side filter is applied to hunt the threats. As a case study, a threat actor on one client machine injected the following threats into a victim client: 1. malicious code that remotely accesses files on a shared drive and deletes them; 2. remote registry access that creates or deletes entries in the victim's registry; 3. malware that escalates privileges and deletes files. The system identified all three threats and flagged each with an alert message. The complete system was implemented in a virtual environment on Windows, using Oracle VM VirtualBox to create the virtual machines.
Page(s) : 118-127
ISSN : 0976-5166
Source : Vol. 10, No.5
PDF : Download
DOI : 10.21817/indjcse/2019/v10i5/191005008
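The abstract describes a two-stage pipeline: an endpoint filter that drops baseline day-to-day activity from Sysmon process-creation events, and a server-side hunt over process creation and parent-process relationships that raises alerts for the three case-study threats. The following is an added example, not the authors' code, showing one way that pipeline can be expressed in Python over constructed Sysmon Event ID 1 records. In the paper's deployment the server side would be a Logstash filter or an Elasticsearch query; the Python stands in for it so the logic can be run offline. The baseline pairs, rule names, regular expressions, hostnames, GUIDs and user names are all assumptions made for the illustration, not the paper's actual filters.

```python
"""Two-stage Sysmon threat hunt: endpoint baseline filter + server-side rules.

Field names (Image, ParentImage, CommandLine, IntegrityLevel, ProcessGuid,
ParentProcessGuid, User) follow Sysmon's Event ID 1 (process creation)
schema. The records themselves are constructed for this example.
"""
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]
Alert = Tuple[str, str, str, str]  # (rule, ProcessGuid, image basename, CommandLine)

# Constructed sample telemetry (not real captures). Hosts, GUIDs and users are made up.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "1", "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": "svchost.exe -k netsvcs",
     "IntegrityLevel": "System", "User": "NT AUTHORITY\\SYSTEM"},
    {"EventID": "1", "ProcessGuid": "{W}", "ParentProcessGuid": "{E}",
     "Image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": '"WINWORD.EXE" report.docx',
     "IntegrityLevel": "Medium", "User": "LAB\\alice"},
    # Threat 1: shell launched from Word deletes files on a remote share.
    {"EventID": "1", "ProcessGuid": "{C1}", "ParentProcessGuid": "{W}",
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "CommandLine": r"cmd.exe /c del /q \\FILESRV\Shared\*.docx",
     "IntegrityLevel": "High", "User": "LAB\\alice"},
    # Threat 2: reg.exe deleting a key in another machine's registry.
    {"EventID": "1", "ProcessGuid": "{R}", "ParentProcessGuid": "{C1}",
     "Image": r"C:\Windows\System32\reg.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"reg.exe delete \\VICTIM01\HKLM\SOFTWARE\Acme\Run /f",
     "IntegrityLevel": "High", "User": "LAB\\alice"},
    # A network-connection event (ID 3); the endpoint filter discards it.
    {"EventID": "3", "ProcessGuid": "{C1}", "Image": r"C:\Windows\System32\cmd.exe",
     "DestinationIp": "10.0.0.7", "DestinationPort": "445"},
]

# Assumed baseline of normal parent -> child pairs dropped on the endpoint.
BASELINE_PAIRS = {("services.exe", "svchost.exe"), ("svchost.exe", "taskhostw.exe")}

# Assumed server-side hunting rules.
UNC_PATH = re.compile(r"\\\\[\w.-]+\\[^\s\"]+")          # \\host\share\...
DELETE_VERBS = re.compile(r"\b(del|erase|rmdir|rd|remove-item|rm)\b", re.I)
REMOTE_REG = re.compile(r"\\\\[\w.-]+\\HK(LM|CU|CR|U|CC)\b", re.I)  # \\host\HKLM\...
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
USER_APPS = {"winword.exe", "excel.exe", "outlook.exe", "wmiprvse.exe"}
INTEGRITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "System": 3}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def client_filter(events: List[Event]) -> List[Event]:
    """Endpoint stage: keep only process-creation events outside the baseline."""
    kept = []
    for ev in events:
        if ev.get("EventID") != "1":
            continue
        if (basename(ev["ParentImage"]), basename(ev["Image"])) in BASELINE_PAIRS:
            continue
        kept.append(ev)
    return kept


def hunt(events: List[Event]) -> List[Alert]:
    """Server stage: apply hunting rules, tracking parent integrity by GUID."""
    integrity_by_guid: Dict[str, str] = {}
    alerts: List[Alert] = []
    for ev in events:
        child, parent = basename(ev["Image"]), basename(ev["ParentImage"])
        cmd = ev.get("CommandLine", "")
        level = ev.get("IntegrityLevel", "")
        integrity_by_guid[ev["ProcessGuid"]] = level
        hits = []
        if DELETE_VERBS.search(cmd) and UNC_PATH.search(cmd):
            hits.append("remote_share_file_deletion")
        if child == "reg.exe" and REMOTE_REG.search(cmd):
            hits.append("remote_registry_modification")
        if parent in USER_APPS and child in SHELLS:
            hits.append("shell_spawned_by_user_app")
        parent_level = integrity_by_guid.get(ev.get("ParentProcessGuid", ""))
        # Child running at a higher integrity level than its recorded parent.
        if parent_level and INTEGRITY_RANK.get(level, 0) > INTEGRITY_RANK.get(parent_level, 0):
            hits.append("integrity_level_escalation")
        alerts.extend((rule, ev["ProcessGuid"], child, cmd) for rule in hits)
    return alerts


def run_pipeline(events: List[Event]) -> List[Alert]:
    """Endpoint filter followed by server-side hunt, as in the paper's design."""
    return hunt(client_filter(events))


if __name__ == "__main__":
    for rule, guid, image, cmd in run_pipeline(SAMPLE_EVENTS):
        print(f"ALERT {rule:32} {guid:5} {image:12} {cmd}")
```

Tracking integrity by ProcessGuid is why the parent's own creation event must reach the server: if the baseline filter drops it, the escalation rule has nothing to compare against, so the endpoint allowlist should cover only pairs whose children never matter as parents of interest.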