loading
Papers Papers/2020

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Robert Luh 1 ; Sebastian Schrittwieser 2 ; Stefan Marschalek 2 and Helge Janicke 3

Affiliations: 1 St. Pölten University of Applied Sciences and De Montfort University, Austria ; 2 St. Pölten University of Applied Sciences, Austria ; 3 De Montfort University, United Kingdom

ISBN: 978-989-758-209-7

ISSN: 2184-4356

Keyword(s): Intrusion Detection, Malware, Anomaly, Behavioral Analysis, Knowledge Generation, Graph.

Related Ontology Subjects/Areas/Topics: Internet Technology ; Intrusion Detection and Response ; Web Information Systems and Technologies

Abstract: Current signature-based malware detection systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. In this paper, we propose a system able to explain anomalous behavior within a user session by considering anomalies identified through their deviation from a set of baseline process graphs. To minimize computational requirements we adapt star structures, a bipartite representation used to approximate the edit distance between two graphs. Baseline templates are generated automatically and adapt to the nature of the respective process. We prototypically implement smart anomaly explication through a number of competency questions derived and evaluated using the decision tree algorithm. The determined key factors are ultimately mapped to a dedicated APT attack stage ontology that considers actions, actors, as well as target assets.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.239.33.139

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Luh, R.; Schrittwieser, S.; Marschalek, S. and Janicke, H. (2017). Design of an Anomaly-based Threat Detection & Explication System.In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, ISSN 2184-4356, pages 397-402. DOI: 10.5220/0006205203970402

@conference{icissp17,
author={Robert Luh. and Sebastian Schrittwieser. and Stefan Marschalek. and Helge Janicke.},
title={Design of an Anomaly-based Threat Detection & Explication System},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={397-402},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006205203970402},
isbn={978-989-758-209-7},
}

TY - CONF

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Design of an Anomaly-based Threat Detection & Explication System
SN - 978-989-758-209-7
AU - Luh, R.
AU - Schrittwieser, S.
AU - Marschalek, S.
AU - Janicke, H.
PY - 2017
SP - 397
EP - 402
DO - 10.5220/0006205203970402

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.