Advanced threat intelligence: detection and classification of anomalous behavior in system processes

Cited by: 0
Authors
Luh, Robert [1]
Schrittwieser, Sebastian [1]
Affiliations
[1] Pölten, Josef Ressel Zentrum TARGET, Matthias-Corvinus-Strasse 15, A-3100 St. Pölten, Austria
Source
ELEKTROTECHNIK UND INFORMATIONSTECHNIK | 2020 / Vol. 137 / No. 01
Keywords
malware; attack; anomaly detection;
DOI
10.1007/s00502-019-00780-x
Chinese Library Classification
TM [Electrical engineering]; TN [Electronics and communication technology];
Discipline classification code
0808; 0809;
Abstract
With the advent of Advanced Persistent Threats (APTs), it has become increasingly difficult to identify and understand attacks on computer systems. This paper presents a system capable of explaining anomalous behavior within network-enabled user sessions: it describes and interprets kernel event anomalies, which are detected by their deviation from a baseline of normal behavior. The prototype has been developed at the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks (TARGET) at St. Pölten University of Applied Sciences.
Pages: 38 / 44
Page count: 7