German English

Intrusion Detection on System Call Graphs

PDF
further information
Google Scholar
publication iconGrimmer, Martin; Röhling, Martin Max; Kricke, Matthias; Franczyk, Bogdan; Rahm, Erhard
Intrusion Detection on System Call Graphs
25. DFN-Konferenz "Sicherheit in vernetzten Systemen"
2018

Further information: https://www.dfn-cert.de/veranstaltungen/Sicherheitskonferenz2018.html

Description

Cyber attacks such as ransomware can do great damage. Intrusion detection systems can help to detect those attacks. Especially with anomaly detection methods, it is possible to detect previous unknown attacks. In this paper, we present a graph-based approach in combination with existing methods trying to increase recognition rates and reduce false alarm rates. Our Hypotheses: By taking the inherent structure of the underlying data into account, it is possible to gain more insights compared to other known methods. The modern ADFA-LD dataset was used for the evaluation, which reflects the operation in a modern operating system. Compared to the Stide approach we demonstrate that a graph-based approach can keep pace.

AttachmentSize
Intrusion-Detection-on-System-Call-Graphs.pdf436.06 KB