Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection

Max Landauer; Florian Skopik; Markus Wurzenberger; Wolfgang Hotwagner; Andreas Rauber

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection

Topics: AI and Machine Learning for Security; Data Mining and Knowledge Discovery; Intrusion Detection and Response; Malware Detection

In Proceedings of the 6th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 349-360, 2020 , Valletta, Malta

Authors: Max Landauer ¹ ; Florian Skopik ¹ ; Markus Wurzenberger ¹ ; Wolfgang Hotwagner ¹ and Andreas Rauber ²

Affiliations: ¹ Austrian Institute of Technology, Center for Digital Safety & Security, Vienna, Austria ; ² Vienna University of Technology, Institute of Information Systems Engineering, Vienna, Austria

Keyword(s): Anomaly Detection, Self-organizing Maps, Syscall Logs, Visualization.

Abstract: Monitoring syscall logs provides a detailed view on almost all processes running on a system. Existing approaches therefore analyze sequences of executed syscall types for system behavior modeling and anomaly detection in cyber security. However, failures and attacks that do not manifest themselves as type sequences violations remain undetected. In this paper we therefore propose to incorporate syscall parameter values with the objective of enriching analysis and detection with execution context information. Our approach thereby first selects and encodes syscall log parameters and then visualizes the resulting high-dimensional data using self-organizing maps to enable complex analysis. We thereby display syscall occurrence frequencies and transitions of consecutively executed syscalls. We employ a sliding window approach to detect changes of the system behavior as anomalies in the SOM mappings. In addition, we use SOMs to cluster aggregated syscall data for classification of normal a nd anomalous system behavior states. Finally, we validate our approach on a real syscall data set collected from an Apache web server. Our experiments show that all injected attacks are represented as changes in the SOMs, thus enabling visual or semi-automatic anomaly detection. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.116.63.236

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Landauer, M.; Skopik, F.; Wurzenberger, M.; Hotwagner, W. and Rauber, A. (2020). Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-399-5; ISSN 2184-4356, SciTePress, pages 349-360. DOI: 10.5220/0008918703490360

@conference{icissp20,
author={Max Landauer. and Florian Skopik. and Markus Wurzenberger. and Wolfgang Hotwagner. and Andreas Rauber.},
title={Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - ICISSP},
year={2020},
pages={349-360},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008918703490360},
isbn={978-989-758-399-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - ICISSP
TI - Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection
SN - 978-989-758-399-5
IS - 2184-4356
AU - Landauer, M.
AU - Skopik, F.
AU - Wurzenberger, M.
AU - Hotwagner, W.
AU - Rauber, A.
PY - 2020
SP - 349
EP - 360
DO - 10.5220/0008918703490360
PB - SciTePress