ProvSec: Open Cybersecurity System Provenance Analysis Benchmark Dataset with Labels

被引：0

作者：

Shrestha, Madhukar ^{[1
]}

Kim, Yonghyun ^{[1
]}

Oh, Jeehyun ^{[1
]}

Rhee, Junghwan ^{[1
]}

Choe, Yung Ryn ^{[2
]}

Zuo, Fei ^{[1
]}

Park, Myungah ^{[1
]}

Qian, Gang ^{[1
]}

机构：

[1] Univ Cent Oklahoma, Comp Sci Dept, 100 Univ North Dr, Edmond, OK 73034 USA

[2] Sandia Natl Labs, POB 969 MS 9105, Livermore, CA 94551 USA

来源：

INTERNATIONAL JOURNAL OF NETWORKED AND DISTRIBUTED COMPUTING | 2023年 / 11卷 / 02期

关键词：

Provenance; Dataset; Attack; Backtracking; VIDEO; BLOCKCHAIN; FEATURES;

D O I：

10.1007/s44227-023-00014-9

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

System provenance forensic analysis has been studied by a large body of research work. This area needs fine granularity data such as system calls along with event fields to track the dependencies of events. While prior work on security datasets has been proposed, we found a useful dataset of realistic attacks and details that are needed for high-quality provenance tracking is lacking. We created a new dataset of eleven vulnerable cases for system forensic analysis. It includes the full details of system calls including syscall parameters. Realistic attack scenarios with real software vulnerabilities and exploits are used. For each case, we created two sets of benign and adversary scenarios which are manually labeled for supervised machine-learning analysis. In addition, we present an algorithm to improve the data quality in the system provenance forensic analysis. We demonstrate the details of the dataset events and dependency analysis of our dataset cases.

引用

页码：112 / 123

页数：12

共 52 条

[1] Aldribi A, 2018, STUD BIG DATA, V39, P333, DOI 10.1007/978-3-319-73676-1_13
[2] Analyzing the Usefulness of the DARPA OpTC Dataset in Cyber Threat Detection Research
Anjum, Md. Monowar
Iqbal, Shahrear
Hamelin, Benoit
[J]. PROCEEDINGS OF THE 26TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2021, 2021, : 27 - 32
[3] [Anonymous], 2020, Nature, DOI 10.1038/d41586-020-00154-w
[4] [Anonymous], 2021, Bloomberg
[5] Balakrishnan N, 2013, 5 USENIX WORKSH THEO
[6] Banadaki YM, 2020, Journal of Computer Sciences and Applications, V8, P46, DOI [10.12691/jcsa-8-2-2, DOI 10.12691/JCSA-8-2-2]
[7] Bates A, 2015, PROCEEDINGS OF THE 24TH USENIX SECURITY SYMPOSIUM, P319
[8] Chan SC, 2017, 9 USENIX WORKSH THEO
[9] Cheng Z, 2024, IEEE S SEC PRIV SP
[10] CNN, 2021, Kaseya ransomware attack businesses affected

← 1 2 3 4 5 6 →