o:2116 Towards Dynamic Attack Recognition for SIEM en St. Pölten, FH-Stg. Information Security, Master Thesis, 2014 Security Incident and Event Management (SIEM) is capable of facilitating IT Security issues. Systems of that kind analyze events from multiple sources like firewalls, routers, client computers and programs. Based on this information, they can be configured to raise alarm if a specified pattern is recognized within the input data. The patterns for alert generation are commonly defined by static rules. Maintenance of static rules is a sophisticated issue. In order to facilitate these tasks, the aim of this work is to find methods which are capable of dynamically finding attack patterns within events sent to a SIEM system. Therefore, machine learning approaches are considered. Based on evaluated methods, the design of a framework for dynamic attack recognition is described. The framework consists of multiple modules. The modules work on the input data consecutively. Each, the first and the last module of the framework are based on machine learning algorithms. The first module is responsible for classification of input data. The last module recognizes attack patterns dynamically. For the classification module, a testing environment is established. The goal of the tests is to find the most efficient algorithm for classification. Hacker; Erkennung 1552151 AC12263787 2017-05-04T12:29:27.346Z 44 no 46 Stefan Langeder 2014 application/pdf 2091198 http://phaidra.fhstp.ac.at/o:2116 no yes 1 70