Iman et al., 2023 - Google Patents
Anomalous File System Activity Detection Through Temporal Association Rule Mining. Iman et al., 2023
- Document ID
- 4529826446090790089
- Author
- Iman M
- Chikul P
- Jervan G
- Bahsi H
- Ghasempouri T
- Publication year
- 2023
- Publication venue
- ICISSP
Snippet
NTFS USN Journal tracks all the changes in the files, directories, and streams of a volume for various reasons including backup. Although this data source has been considered a significant artifact for digital forensic investigations, the utilization of this source for automatic …
Classifications
All listed CPC classifications fall under G—PHYSICS, G06—COMPUTING; CALCULATING; COUNTING, G06F—ELECTRICAL DIGITAL DATA PROCESSING; the subgroups are shown as one tree below.
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    - G06F21/55—Detecting local intrusion or implementing counter-measures
      - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
        - G06F21/562—Static detection
          - G06F21/563—Static detection by source code analysis
      - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
      - G06F21/577—Assessing vulnerabilities and evaluating computer system security
  - G06F21/60—Protecting data
    - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
      - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
  - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
    - G06F17/30067—File systems; File servers
      - G06F17/30129—Details of further file system functionalities
        - G06F17/30144—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    - G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
- G06F11/00—Error detection; Error correction; Monitoring
  - G06F11/30—Monitoring
    - G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
      - G06F11/3466—Performance evaluation by tracing or monitoring
  - G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F2221/2101—Auditing as a secondary aspect
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F8/00—Arrangements for software engineering
  - G06F8/70—Software maintenance or management
Similar Documents
Publication | Title
---|---
Xu et al. | Depcomm: Graph summarization on system audit logs for attack investigation
Hassan et al. | Nodoze: Combatting threat alert fatigue with automated provenance triage
Han et al. | SIGL: Securing software installations through deep graph learning
Milajerdi et al. | Holmes: real-time apt detection through correlation of suspicious information flows
US9424426B2 (en) | Detection of malicious code insertion in trusted environments
Gül et al. | A survey on anti-forensics techniques
Khan | Performance analysis of Bayesian networks and neural networks in classification of file system activities
Carrier et al. | Automated Digital Evidence Target Definition Using Outlier Analysis and Existing Evidence.
CN111953697A (en) | APT attack identification and defense method
James et al. | Automated inference of past action instances in digital investigations
EP3705974B1 (en) | Classification device, classification method, and classification program
Pirch et al. | Tagvet: Vetting malware tags using explainable machine learning
Zhang et al. | Ranker: Early ransomware detection through kernel-level behavioral analysis
CN112560031A (en) | Lesovirus detection method and system
Aly et al. | Megr-apt: A memory-efficient apt hunting system based on attack representation learning
Verma et al. | Defining a metric space of host logs and operational use cases
Ramadhan et al. | Forensic malware identification using naive bayes method
Iman et al. | Anomalous File System Activity Detection Through Temporal Association Rule Mining.
CN119728233A (en) | A network threat evidence collection method, program product, electronic device and storage medium
Liew et al. | Detecting adversary using Windows digital artifacts
Jeyaraman et al. | An empirical study of automatic event reconstruction systems
Bhat et al. | A data mining approach for data generation and analysis for digital forensic application
George et al. | Static Malware Family Clustering via Structural and Functional Characteristics
Mao et al. | Centrality metrics of importance in access behaviors and malware detections
Wang et al. | Exploiting frequent episodes in weighted suffix tree to improve intrusion detection system