Abstract
The threat to the critical computing infrastructure that nations depend upon has shifted. A new class of adversary has emerged, running a playbook of sophisticated, organized, and well-funded cyber attacks. These adversaries penetrate networks using exploits, tools, and techniques that traditional host and network security software does not detect. Once confidentiality is lost, a compromised network stands to lose sensitive information and trade secrets that cannot be recovered. The threat has shifted, but detection and response mechanisms have largely remained the same, and they continue to produce the largely ineffective result these advanced adversaries count on.
To counter this, a client-based relational indicator database schema was researched and designed, and its implementation was studied. The schema represents system information that, when aggregated over time, forms an archive of actionable intelligence. The relational model contains tables of client snapshots, each of which is correlated with its own subset of indicator metadata drawn from several types of system information. A complete proof-of-concept implementation was developed using an agent-based reporting structure. The agent, named CAITO (Collector of Actionable Intelligence for Threat Observations), reports relevant system information to a database using the developed schema. CAITO can also process administrative instructions by retrieving a remote XML-based configuration file. A front-end web portal was also developed to demonstrate how analysts can query the resulting dataset. The technical implementation is designed to integrate into any Microsoft Windows environment and may be deployed to clients as a Windows service, packaged as a Windows Installer (MSI) package and distributed through Active Directory.
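The abstract describes the schema only in outline: a table of client snapshots, each linked to rows of typed indicator metadata, queried by analysts across time. The following is an added illustration of that design, not CAITO's own schema or code; the table and column names (client, snapshot, indicator_type, indicator), the indicator types, and the host names and values in the sample data are all assumptions constructed for the example. It builds the schema in SQLite, loads two snapshots per host, and runs two analyst queries the text implies: what changed on a host between its last two snapshots, and which hosts have ever reported a given indicator value.

```python
import sqlite3

# Hypothetical relational indicator schema (not the thesis's own DDL).
# One client has many snapshots; one snapshot has many typed indicators.
SCHEMA = """
CREATE TABLE client (
    client_id  INTEGER PRIMARY KEY,
    hostname   TEXT NOT NULL UNIQUE
);
CREATE TABLE snapshot (
    snapshot_id INTEGER PRIMARY KEY,
    client_id   INTEGER NOT NULL REFERENCES client(client_id),
    taken_at    TEXT NOT NULL            -- ISO-8601, sortable as text
);
CREATE TABLE indicator_type (
    type_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL UNIQUE         -- e.g. service, listening_port, autorun
);
CREATE TABLE indicator (
    indicator_id INTEGER PRIMARY KEY,
    snapshot_id  INTEGER NOT NULL REFERENCES snapshot(snapshot_id),
    type_id      INTEGER NOT NULL REFERENCES indicator_type(type_id),
    value        TEXT NOT NULL
);
-- Supports the two analyst queries below: per-snapshot diffs and value lookups.
CREATE INDEX idx_indicator_snapshot ON indicator(snapshot_id, type_id, value);
CREATE INDEX idx_indicator_value    ON indicator(type_id, value);
"""

# Constructed sample reports, as an agent might submit them: (hostname, taken_at, [(type, value), ...]).
SAMPLE_REPORTS = [
    ("WS-01", "2010-10-01T09:00:00", [("service", "Spooler"), ("listening_port", "445"),
                                      ("autorun", r"C:\Windows\explorer.exe")]),
    ("WS-02", "2010-10-01T09:05:00", [("service", "Spooler"), ("listening_port", "445")]),
    ("WS-01", "2010-10-02T09:00:00", [("service", "Spooler"), ("service", "svchost_update"),
                                      ("listening_port", "445"), ("listening_port", "4444"),
                                      ("autorun", r"C:\Windows\explorer.exe"),
                                      ("autorun", r"C:\Users\Public\update.exe")]),
    ("WS-02", "2010-10-02T09:05:00", [("service", "Spooler"), ("listening_port", "445"),
                                      ("listening_port", "4444")]),
]


def record_snapshot(conn, hostname, taken_at, indicators):
    """Store one agent report: upsert the client, add a snapshot, attach its indicators."""
    conn.execute("INSERT OR IGNORE INTO client (hostname) VALUES (?)", (hostname,))
    client_id = conn.execute("SELECT client_id FROM client WHERE hostname = ?", (hostname,)).fetchone()[0]
    cur = conn.execute("INSERT INTO snapshot (client_id, taken_at) VALUES (?, ?)", (client_id, taken_at))
    snapshot_id = cur.lastrowid
    for type_name, value in indicators:
        conn.execute("INSERT OR IGNORE INTO indicator_type (name) VALUES (?)", (type_name,))
        type_id = conn.execute("SELECT type_id FROM indicator_type WHERE name = ?", (type_name,)).fetchone()[0]
        conn.execute("INSERT INTO indicator (snapshot_id, type_id, value) VALUES (?, ?, ?)",
                     (snapshot_id, type_id, value))
    conn.commit()
    return snapshot_id


def build_db():
    """Create an in-memory database with the schema and the constructed sample reports."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    for hostname, taken_at, indicators in SAMPLE_REPORTS:
        record_snapshot(conn, hostname, taken_at, indicators)
    return conn


def new_indicators(conn, hostname):
    """Indicators in a host's latest snapshot that were absent from the previous one (a diff over time)."""
    rows = conn.execute(
        "SELECT s.snapshot_id FROM snapshot s JOIN client c USING (client_id) "
        "WHERE c.hostname = ? ORDER BY s.taken_at DESC LIMIT 2", (hostname,)).fetchall()
    if len(rows) < 2:
        return []                      # nothing to compare against yet
    latest, previous = rows[0][0], rows[1][0]
    return conn.execute("""
        SELECT t.name, i.value
        FROM indicator i JOIN indicator_type t USING (type_id)
        WHERE i.snapshot_id = ?
          AND NOT EXISTS (SELECT 1 FROM indicator p
                          WHERE p.snapshot_id = ? AND p.type_id = i.type_id AND p.value = i.value)
        ORDER BY t.name, i.value""", (latest, previous)).fetchall()


def hosts_with_indicator(conn, type_name, value):
    """Every (hostname, snapshot time) that ever reported this indicator: the lookup run when a new IOC arrives."""
    return conn.execute("""
        SELECT c.hostname, s.taken_at
        FROM indicator i
        JOIN indicator_type t USING (type_id)
        JOIN snapshot s USING (snapshot_id)
        JOIN client c USING (client_id)
        WHERE t.name = ? AND i.value = ?
        ORDER BY c.hostname, s.taken_at""", (type_name, value)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("New on WS-01:", new_indicators(db, "WS-01"))
    print("Hosts listening on 4444:", hosts_with_indicator(db, "listening_port", "4444"))
```

Keeping the indicator type in its own table rather than as a free-text column is what lets the analyst portal add new kinds of system information without altering the indicator table, and the composite index on (snapshot_id, type_id, value) is what keeps the snapshot-to-snapshot diff cheap as the archive grows.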
Library of Congress Subject Headings
Computer networks--Security measures; Relational databases--Design; Relational databases--Management
Publication Date
10-26-2010
Document Type
Thesis
Student Type
Graduate
Degree Name
Networking and System Administration (MS)
Advisor
Yin Pan
Advisor/Committee Member
Eric Hutchins
Advisor/Committee Member
Jason Koppe
Recommended Citation
Batchelor, Jason, "Facilitating Rapid Response with a Relational Indicator Database Schema and Client Agents" (2010). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/9096
Campus
RIT – Main Campus
Plan Codes
NETSYS-MS