A survey on online monitoring approaches of computer-based systems
This report surveys forms of online data collection that are in current use (as well as being the subject of research to adapt them to changing technology and demands) and can be used as inputs to the assessment of dependability and resilience, although they are not primarily meant for this use.
Side-channel based intrusion detection for industrial control systems
Industrial Control Systems are under increased scrutiny. Their security is
historically sub-par, and although measures are being taken by the
manufacturers to remedy this, the large installed base of legacy systems cannot
easily be updated with state-of-the-art security measures. We propose a system
that uses electromagnetic side-channel measurements to detect behavioural
changes of the software running on industrial control systems. To demonstrate
the feasibility of this method, we show it is possible to profile and
distinguish between even small changes in programs on Siemens S7-317 PLCs,
using methods from cryptographic side-channel analysis.
Comment: 12 pages, 7 figures. For associated code, see
https://polvanaubel.com/research/em-ics/code
Comparison of System Call Representations for Intrusion Detection
Over the years, artificial neural networks have been applied successfully in
many areas including IT security. Yet, neural networks can only process
continuous input data. This is particularly challenging for security-related
non-continuous data like system calls. This work focuses on four different
options to preprocess sequences of system calls so that they can be processed
by neural networks. These input options are based on one-hot encoding and
learning word2vec or GloVe representations of system calls. As an additional
option, we analyze if the mapping of system calls to their respective kernel
modules is an adequate generalization step for (a) replacing system calls or
(b) enhancing system call data with additional information regarding their
context. However, when performing such preprocessing steps it is important to
ensure that no relevant information is lost during the process. The overall
objective of system call based intrusion detection is to categorize sequences
of system calls as benign or malicious behavior. Therefore, this scenario is
used to evaluate the different input options as a classification task. The
results show that each of the four different methods is a valid option when
preprocessing input data, but the use of kernel modules only is not recommended
because too much information is being lost during the mapping process.
Comment: 12 pages, 1 figure, submitted to CISIS 201