
dc.contributor.author: Kobezak, Philip D. [en]
dc.date.accessioned: 2018-05-23T08:00:26Z [en]
dc.date.available: 2018-05-23T08:00:26Z [en]
dc.date.issued: 2018-05-22 [en]
dc.identifier.other: vt_gsexam:15932 [en]
dc.identifier.uri: http://hdl.handle.net/10919/83375 [en]
dc.description.abstract: Challenges exist in higher education networks with host inventory and identification. Any student, staff, faculty, or dedicated IT administrator can be the primary responsible personnel for devices on the network. Confounding the problem is that there is also a large mix of personally-owned devices. These network environments are a hybrid of corporate enterprise, federated network, and Internet service provider. This management model has survived for decades based on the ability to identify responsible personnel when a host, system, or user account is suspected to have been compromised or is disrupting network availability for others. Mobile devices, roaming wireless access, and users accessing services from multiple devices have made the task of identification onerous. With increasing numbers of hosts on networks of higher education institutions, strategies such as dynamic addressing and address translation become necessary. The proliferation of the Internet of Things (IoT) makes this identification task even more difficult. Loss of intellectual property, extortion, theft, and reputational damage are all significant risks to research institution networks. Quickly responding to and remediating incidents reduces exposure and risk. This research evaluates what universities are doing for host inventory and creates a working prototype of a system for associating relevant log events to one or more responsible people. The prototype reduces the need for human-driven updates while enriching the dynamic host inventory with additional information. It also shows the value of associating application and service authentications to hosts. The prototype uses live network data which is de-identified to protect privacy. [en]
dc.format.medium: ETD [en]
dc.publisher: Virginia Tech [en]
dc.rights: In Copyright [en]
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/ [en]
dc.subject: Cybersecurity [en]
dc.subject: Log Analysis [en]
dc.subject: Network Inventory [en]
dc.subject: Host Inventory [en]
dc.title: Frequent Inventory of Network Devices for Incident Response: A Data-driven Approach to Cybersecurity and Network Operations [en]
dc.type: Thesis [en]
dc.contributor.department: Electrical and Computer Engineering [en]
dc.description.degree: Master of Science [en]
thesis.degree.name: Master of Science [en]
thesis.degree.level: masters [en]
thesis.degree.grantor: Virginia Polytechnic Institute and State University [en]
thesis.degree.discipline: Computer Engineering [en]
dc.contributor.committeechair: Tront, Joseph G. [en]
dc.contributor.committeemember: Midkiff, Scott F. [en]
dc.contributor.committeemember: Marchany, Randolph C. [en]

