In this Major Qualifying Project, we explored utilizing ensemble learning and data visualization to detect lateral movement from Advanced Persistent Threats (APTs) in enterprise networks. We developed a detection framework for analysts to pinpoint malicious events within a cybersecurity dataset from Los Alamos National Laboratory. Our project produced two primary findings: ensemble learning significantly improved the detection rate of malicious events, and a heatmap visualization can provide promising indications of suspicious activity, but remains ultimately insufficient for reliably identifying APTs.

• This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.

Creator

• Longo, Madeleine C.
• Vossoughi, Ian
• Martin, Jeffrey Alan

贡献者

• Staheli, Diane
• Gomez, Steven

Publisher

• Worcester Polytechnic Institute

Identifier

• E-project-101217-203727

Advisor

• Heineman, George T.

Year

• 2017

Center

• MIT Lincoln Laboratory-Lexington, Massachusetts Project Center - MQP

Sponsor

• MIT Lincoln Laboratory

Date created

• 2017-10-12

Resource type

• Major Qualifying Project

Major

• Computer Science

Rights statement

• In Copyright