| dc.contributor.author | Goranin, Nikolaj | |
| dc.contributor.author | Čeponis, Dainius | |
| dc.date.accessioned | 2023-09-18T17:42:36Z | |
| dc.date.available | 2023-09-18T17:42:36Z | |
| dc.date.issued | 2018 | |
| dc.identifier.issn | 2535-0668 | |
| dc.identifier.uri | https://etalpykla.vilniustech.lt/handle/123456789/125296 | |
| dc.description.abstract | Nowadays, information systems security is a crucial aspect – vulnerable system endpoint can lead to severe data loss. Intrusion detection systems (IDS) are used to detect such unfortunate events. Implementation place defines the type of IDS: network-based (NIDS) for network traffic monitoring or host-based (HIDS), to detect malicious actions on the host level. IDS can be effective only if generated alerts are correctly evaluated and classified, what is typically done by a trained staff, but requires a lot of time and human resources. While a lot research is done with NIDS alerts evaluation, HIDS research is lacking behind. HIDS reported operating system calls could be used to define the importance of alarms and steer analysts to the most critical issues. In this article we demonstrate the applicability of our created Attack-Caused Windows System Calls Traces Dataset (AWSCTD), which is currently the most comprehensive dataset of system calls generated by almost all modern malware types, for training different classification methods on malware type recognition and later alert prioritization. The effectiveness of different classification methods is evaluated, and results are presented. Currently achieved results allow to decrease the load on analytical staff, dealing with malware classification and related alert prioritization by 92.4%, which makes this approach applicable for practical use. | eng |
| dc.format | PDF | |
| dc.format.extent | p. 186-189 | |
| dc.format.medium | tekstas / txt | |
| dc.language.iso | eng | |
| dc.source.uri | http://stumejournals.com/confsec.htm | |
| dc.title | Investigation of AWSCTD dataset applicability for malware type classification | |
| dc.type | Straipsnis kitame recenzuotame leidinyje / Article in other peer-reviewed source | |
| dcterms.references | 21 | |
| dc.type.pubtype | S4 - Straipsnis kitame recenzuotame leidinyje / Article in other peer-reviewed publication | |
| dc.contributor.institution | Vilniaus Gedimino technikos universitetas | |
| dc.contributor.faculty | Fundamentinių mokslų fakultetas / Faculty of Fundamental Sciences | |
| dc.contributor.department | Taikomosios informatikos institutas / Institute of Applied Computer Science | |
| dc.subject.researchfield | T 007 - Informatikos inžinerija / Informatics engineering | |
| dc.subject.vgtuprioritizedfields | IK0101 - Informacijos ir informacinių technologijų sauga / Information and Information Technologies Security | |
| dc.subject.ltspecializations | L106 - Transportas, logistika ir informacinės ir ryšių technologijos (IRT) / Transport, logistic and information and communication technologies | |
| dc.subject.en | hids | |
| dc.subject.en | alert prioritisation | |
| dc.subject.en | machine learning | |
| dc.subject.en | windows | |
| dc.subject.en | system calls | |
| dcterms.sourcetitle | International Scientific Journal Security & Future | |
| dc.description.issue | iss. 4 | |
| dc.description.volume | vol. 2 | |
| dc.publisher.name | Scientific Technical Union of Mechanical Engineering "Industry-4.0" | |
| dc.publisher.city | Sofia | |
| dc.identifier.elaba | 33148261 | |
