Applying Machine Learning on Linux Interprocess Communication Graphs for Intrusion Detection.
Record Type: Electronic resources : Monograph/item
Title/Author: Applying Machine Learning on Linux Interprocess Communication Graphs for Intrusion Detection. / Augustine, William Anthony.
Author: Augustine, William Anthony.
Published: Ann Arbor : ProQuest Dissertations & Theses, 2021.
Description: 163 p.
Notes: Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
Contained By: Dissertations Abstracts International, 83-03B.
Subject: Information technology.
Online resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28652667
ISBN: 9798535543307
Dissertation note: Thesis (Ph.D.)--State University of New York at Albany, 2021.
Access note: This item must not be sold to any third party vendors.
Abstract: Information assurance and computer system security involve many facets, one of which is intrusion detection. Traditional misuse-based intrusion detection systems examine certain files (e.g., executables) for known malware signatures, monitor file accesses and alterations, and search log records on the protected systems for known indicators of compromise. Malware authors use encryption and polymorphism to limit the effectiveness of such techniques. Newer intrusion detection approaches use anomaly-based heuristics to look for aberrant user and system behaviors. However, both mechanisms are subject to subterfuge by computer memory (RAM) resident malware. Using the digital forensics techniques of memory capture and analysis can avoid this detection evasion capability. Some memory introspection research works have examined data in use and process execution (by interrogating operating system data structures and system call traces) to detect malicious activity. This dissertation provides a novel approach to host-based intrusion detection by analyzing data in RAM describing (a subset of) interprocess communication (IPC) exchanges. Network theory shows that information exchanges are well suited to modeling with graph structures. For this project, 634 memory captures were collected from physical and virtual Linux machines under varying loads (most benign, some malicious). Using digital forensics memory capture and analysis tools, process and IPC resource-use data were used to generate node features and were then formed into graphs. These system graphs were aggregated and processed using machine learning techniques. Python was used to build graph neural network models that provided node embeddings, which were then processed using community detection, clustering, and classification algorithms. Evaluation of experimental results shows positive capability for classifying malicious nodes within the process graphs.
Subjects--Topical Terms: Information technology.
Subjects--Index Terms: Machine learning
MARC record:
LDR 03126nmm a2200361 4500
001 2352144
005 20221118093822.5
008 241004s2021 ||||||||||||||||| ||eng d
020    $a 9798535543307
035    $a (MiAaPQ)AAI28652667
035    $a AAI28652667
040    $a MiAaPQ $c MiAaPQ
100 1  $a Augustine, William Anthony. $3 3691764
245 10 $a Applying Machine Learning on Linux Interprocess Communication Graphs for Intrusion Detection.
260 1  $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300    $a 163 p.
500    $a Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
500    $a Advisor: Goel, Sanjay.
502    $a Thesis (Ph.D.)--State University of New York at Albany, 2021.
506    $a This item must not be sold to any third party vendors.
520    $a [abstract; text identical to the abstract given above]
590    $a School code: 0668.
650  4 $a Information technology. $3 532993
650  4 $a Computer science. $3 523869
650  4 $a Artificial intelligence. $3 516317
650  4 $a Software. $2 gtt. $3 619355
650  4 $a Malware. $3 3562952
650  4 $a Datasets. $3 3541416
653    $a Machine learning
653    $a Linux
653    $a Interprocess communication graphs
653    $a Intrusion detection
690    $a 0489
690    $a 0984
690    $a 0800
710 2  $a State University of New York at Albany. $b Information Science. $3 3428919
773 0  $t Dissertations Abstracts International $g 83-03B.
790    $a 0668
791    $a Ph.D.
792    $a 2021
793    $a English
856 40 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28652667
Item holdings:
Inventory Number: W9474582
Location Name: Electronic resources (電子資源)
Item Class: 11. Online reading_V (11.線上閱覽_V)
Material type: E-book (電子書)
Call number: EB
Usage Class: Normal use (一般使用(Normal))
Loan Status: On shelf
No. of reservations: 0