
dc.contributor.author: Čeponis, Dainius
dc.contributor.author: Goranin, Nikolaj
dc.date.accessioned: 2023-09-18T17:21:19Z
dc.date.available: 2023-09-18T17:21:19Z
dc.date.issued: 2018
dc.identifier.uri: https://etalpykla.vilniustech.lt/handle/123456789/122182
dc.description.abstract: Classical cyber-attack detection methods based on signatures and rules demonstrate stagnation and an inability to fight zero-day, advanced-persistent-threat and similar attacks, while anomaly-based detection methods, although they have been exploited for a number of years, are still characterized by huge numbers of false positives (valid user or application behavior that has been classified as intrusion) and by the ability to work in relatively stable conditions. The progress achieved in recent years in the area of deep learning artificial intelligence techniques provides a potential for renewing the research on the topic and for achieving promising results. Anomaly-based intrusion detection systems (IDS) utilize the ability to learn from a training set of legal and malicious actions. In order to train anomaly-based IDS, an enormous amount of data is required. The majority of available datasets used for IDS training are related to network-level intrusion detection, while datasets for training host-based intrusion detection systems (HIDS), which are becoming extremely important, are not available or are incomplete and lack important features. In this article we propose a method for automated system-level anomaly dataset generation that is to be used in further training of artificial intelligence-based HIDS. Details of the method implementation are also presented and test results are discussed. (eng)
dc.format: PDF
dc.format.extent: p. 23-32
dc.format.medium: text / txt
dc.language.iso: eng
dc.relation.ispartofseries: CEUR Workshop Proceedings 1613-0073
dc.relation.isreferencedby: Scopus
dc.source.uri: http://ceur-ws.org/Vol-2158/paper3.pdf
dc.source.uri: http://ceur-ws.org/Vol-2158/
dc.title: Towards a robust method of dataset generation of malicious activity on a windows-based operating system for anomaly-based HIDS training
dc.type: Paper in conference publication in Scopus DB
dcterms.accessRights: Online Proceedings for Scientific Conferences and Workshops.
dcterms.references: 27
dc.type.pubtype: P1b - Article in conference proceedings Scopus DB
dc.contributor.institution: Vilniaus Gedimino technikos universitetas
dc.contributor.faculty: Faculty of Fundamental Sciences
dc.subject.researchfield: T 007 - Informatics engineering
dc.subject.vgtuprioritizedfields: IK0101 - Information and Information Technologies Security
dc.subject.ltspecializations: L106 - Transport, logistic and information and communication technologies
dc.subject.en: anomaly detection
dc.subject.en: HIDS
dc.subject.en: Windows system calls
dcterms.sourcetitle: CEUR Workshop Proceedings. Joint Proceedings of Baltic DB&IS 2018 Conference Forum and Doctoral Consortium co-located with the 13th International Baltic Conference on Databases and Information Systems (Baltic DB&IS 2018), Trakai, Lithuania, July 1-4, 2018 / edited by Audronė Lupeikienė, Raimundas Matulevičius, Olegas Vasilecas
dc.description.volume: vol. 2158
dc.publisher.name: CEUR-WS
dc.publisher.city: Aachen
dc.identifier.doi: 2-s2.0-85054936969
dc.identifier.elaba: 30546023

