Grimmer, M. ; Röhling, M. ; Kricke, M. ; Franczyk, B. ; Rahm, E.

Intrusion Detection on System Call Graphs

25. DFN-Konferenz "Sicherheit in vernetzten Systemen"

2018

Paper

Further information: https://www.dfn-cert.de/veranstaltungen/Sicherheitskonferenz2018.html

Abstract

Cyber attacks such as ransomware can do great damage. Intrusion detection systems can help to detect those attacks. With anomaly detection methods in particular, it is possible to detect previously unknown attacks. In this paper, we present a graph-based approach, combined with existing methods, that aims to increase recognition rates and reduce false alarm rates. Our hypothesis: by taking the inherent structure of the underlying data into account, it is possible to gain more insights compared to other known methods. The modern ADFA-LD dataset, which reflects operation in a modern operating system, was used for the evaluation. Compared to the Stide approach, we demonstrate that a graph-based approach can keep pace.