
Paper

Authors: Max Landauer 1 ; Florian Skopik 1 ; Markus Wurzenberger 1 ; Wolfgang Hotwagner 1 and Andreas Rauber 2

Affiliations: 1 Austrian Institute of Technology, Center for Digital Safety & Security, Vienna, Austria ; 2 Vienna University of Technology, Institute of Information Systems Engineering, Vienna, Austria

ISBN: 978-989-758-399-5

Keyword(s): Anomaly Detection, Self-organizing Maps, Syscall Logs, Visualization.

Abstract: Monitoring syscall logs provides a detailed view of almost all processes running on a system. Existing approaches therefore analyze sequences of executed syscall types for system behavior modeling and anomaly detection in cyber security. However, failures and attacks that do not manifest themselves as type sequence violations remain undetected. In this paper we therefore propose to incorporate syscall parameter values with the objective of enriching analysis and detection with execution context information. Our approach thereby first selects and encodes syscall log parameters and then visualizes the resulting high-dimensional data using self-organizing maps to enable complex analysis. We thereby display syscall occurrence frequencies and transitions of consecutively executed syscalls. We employ a sliding window approach to detect changes of the system behavior as anomalies in the SOM mappings. In addition, we use SOMs to cluster aggregated syscall data for classification of normal and anomalous system behavior states. Finally, we validate our approach on a real syscall data set collected from an Apache web server. Our experiments show that all injected attacks are represented as changes in the SOMs, thus enabling visual or semi-automatic anomaly detection.

CC BY-NC-ND 4.0

Paper citation in several formats:
Landauer, M.; Skopik, F.; Wurzenberger, M.; Hotwagner, W. and Rauber, A. (2020). Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 349-360. DOI: 10.5220/0008918703490360

@conference{icissp20,
author={Max Landauer and Florian Skopik and Markus Wurzenberger and Wolfgang Hotwagner and Andreas Rauber},
title={Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={349-360},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008918703490360},
isbn={978-989-758-399-5},
}

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Visualizing Syscalls using Self-organizing Maps for System Intrusion Detection
SN - 978-989-758-399-5
AU - Landauer, M.
AU - Skopik, F.
AU - Wurzenberger, M.
AU - Hotwagner, W.
AU - Rauber, A.
PY - 2020
SP - 349
EP - 360
DO - 10.5220/0008918703490360
