NCI WEBSITE
NORMA eResearch @NCI Library

Embrace Threat Intelligence into Threat Modelling for preventing potential vulnerabilities

Tools

Nannapaneni, Alekhya (2023) Embrace Threat Intelligence into Threat Modelling for preventing potential vulnerabilities. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
Preview
 PDF (Master of Science)
Download (3MB) | Preview
[thumbnail of Configuration manual]
Preview
 PDF (Configuration manual)
Download (1MB) | Preview

Abstract

In the real-world cyber criminals are finding new technologies and techniques to attack on the different organizations like health sectors, educational institutions, government sectors, information technologies. This causes huge loss of data, compromise sensitive information loss, services downtime, ransomware. Hackers can also use this information to cause financial loss. To face these consequences and mitigate the attacks organizations should be well prepared. In order to perform this, we should be updated and have a understanding of the emerging threats and patterns. This knowledge helps to develop the defense mechanisms. The objective of this assessment is to highlight the importance of analyzing the real time threats along with threat modelling and explaining the integration advantages in a practical manner. Here, our main objective is to predict vulnerabilities or threats for the application defined. The framework consists of three primary steps: preparing an architectural diagram for analysis, threat modelling for risk assessment report, and processing a dataset for threat intelligence report. Threat intelligence reports will be analyzed to determine which are specific to architecture components and merge with threat modelling reports. The baseline Common Vulnerability Scoring System (CVSS) score mentioned are updated using the insights of the report generated. This helps in having more accurate data for finding possible vulnerabilities. This also gives an idea of threat patterns and suggestions for mitigations. The results obtained include vulnerabilities security misconfiguration, directory traversal remote code execution, improper input validation with the severities 9.8 (Critical), 8 (High), 3.9 (Low). The remediation measures in general include performing proper input validation for Unicode characters, updating the software versions, verify unauthorized access.

Item Type: Thesis (Masters)
Supervisors:
Name
Email
Prior, Michael
UNSPECIFIED
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
H Social Sciences > HD Industries. Land use. Labor > HD28 Management. Industrial Management > Strategic Management
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 24 Oct 2024 15:09
Last Modified: 24 Oct 2024 15:09
URI: https://norma.ncirl.ie/id/eprint/7137

Actions (login required)

View Item View Item