Process monitoring on sequences of system call count vectors

Michael Dymshits, Benjamin Myara, David Tolpin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

We introduce a methodology for efficient monitoring of processes running on hosts in a corporate network. The methodology is based on collecting streams of system calls produced by all or selected processes on the hosts and sending them over the network to a monitoring server, where machine learning algorithms are used to identify changes in process behavior due to malicious activity, hardware failures, or software errors. The methodology uses a sequence of system call count vectors as its data format, which can handle large and varying volumes of data. Unlike previous approaches, the methodology introduced in this paper is suitable for distributed collection and processing of data in large corporate networks. We evaluate the methodology both in a laboratory setting and on a real-life setup, and provide statistics characterizing its performance and accuracy.

Original language: English
Title of host publication: Proceedings - 2017 International Carnahan Conference on Security Technology, ICCST 2017
Editors: Javier Ortega-Garcia, Aythami Morales, Julian Fierrez, Ruben Vera-Rodriguez, Riccardo Lazzeretti
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-5
Number of pages: 5
ISBN (Electronic): 9781538615850
DOIs
State: Published - 5 Dec 2017
Externally published: Yes
Event: 2017 International Carnahan Conference on Security Technology, ICCST 2017 - Madrid, Spain
Duration: 23 Oct 2017 - 26 Oct 2017

Publication series

Name: Proceedings - International Carnahan Conference on Security Technology
Volume: 2017-October
ISSN (Print): 1071-6572

Conference

Conference: 2017 International Carnahan Conference on Security Technology, ICCST 2017
Country/Territory: Spain
City: Madrid
Period: 23/10/17 - 26/10/17

Keywords

  • LSTM
  • anomaly detection
  • malware
  • process monitoring
  • system calls
