ProvSec: Open Cybersecurity System Provenance Analysis Benchmark Dataset with Labels

Cited by: 0
Authors
Shrestha, Madhukar [1 ]
Kim, Yonghyun [1 ]
Oh, Jeehyun [1 ]
Rhee, Junghwan [1 ]
Choe, Yung Ryn [2 ]
Zuo, Fei [1 ]
Park, Myungah [1 ]
Qian, Gang [1 ]
Affiliations
[1] Univ Cent Oklahoma, Comp Sci Dept, 100 Univ North Dr, Edmond, OK 73034 USA
[2] Sandia Natl Labs, POB 969 MS 9105, Livermore, CA 94551 USA
Keywords
Provenance; Dataset; Attack; Backtracking; VIDEO; BLOCKCHAIN; FEATURES;
DOI
10.1007/s44227-023-00014-9
CLC number
TP31 [Computer software];
Discipline code
081202 ; 0835 ;
Abstract
System provenance forensic analysis has been studied by a large body of research. This area needs fine-grained data, such as system calls together with their event fields, to track the dependencies between events. Although prior work has proposed security datasets, we found that a useful dataset containing realistic attacks and the details needed for high-quality provenance tracking was lacking. We created a new dataset of eleven vulnerable cases for system forensic analysis. It includes the full details of system calls, including syscall parameters. Realistic attack scenarios with real software vulnerabilities and exploits are used. For each case, we created two sets of scenarios, benign and adversarial, which are manually labeled for supervised machine-learning analysis. In addition, we present an algorithm to improve data quality in system provenance forensic analysis. We demonstrate the details of the dataset events and the dependency analysis of our dataset cases.
Pages: 112 / 123
Page count: 12