Detection, Analysis and Mitigation of Cyber Security Threats

Abstract

In day to day life internet is used for almost everything now and there are several mediums (channel) available for people to search information which is relevant either in terms of business or entertainment perspective. These mediums can be used by hacker to steal the information and do at- tack on organization by using various techniques. Cyber security comes in all these scenarios which is very much important in each terms for organisation and user's perspective. The project consists various types attacks which are well known and are highly impact full for the organization and the complete process to detect and re-mediate / mitigate it in best manner by automation. Threats to an organization can be classified as follows first is Malicious email which is the most common way is phishing email to attack an organization, and if it is not solved properly it can be a major problem. Second is Security Threats which propagate through unauthorized login for more times i.e excessive login into any servers having confidential information which could lead company to huge loss. For example: Cross site scripting or SQL Injection. Third is Malware Threats which propagate into system by various malicious URLs and _les or software which are downloaded by the users through emails or internet in company environment, they can be Ransomware, Backdoors, Worms and Trojans that can potentially com- promise the organization network. The project includes ways of automating the cyber security detection and analysis process. The main objective is to detect, analyze and remediate threats proactively by organization. Also the project involves tuning of rules set i.e need to mitigate false positives which should result in Mean Time to Response (MTTR) as minimal as possible for every attack.