A4 Refereed article in a conference publication
Towards Profiling Program Instances in Host-Based Intrusion Detection Systems by Recognizing Software Update Patterns
Authors: Koivunen L, Rauti S, Leppänen V
Editors: Pete Burnap et al.
Conference name: International Conference on Security of Information and Networks
Publisher: ACM
Publication year: 2018
Book title : Proceedings of the 11th International Conference on Security of Information and Networks
Number in series: Article no. 21
ISBN: 978-1-4503-6608-3
DOI: https://doi.org/10.1145/3264437.3264486
Web address : http://doi.acm.org/10.1145/3264437.3264486
Host intrusion detection systems are used to analyze internal events on host machines and detect behavioral patterns that differ from normal operation of the system and its processes. One important aspect in observing the behavior of processes are the application updates that may change the behavior of an application but also potentially help to build a profile for the application when observing its update patterns. In this study, we observe update frequencies and patterns of a set of applications on 100 machines during an analysis period of 100 days. Our preliminary results indicate that it is possible to detect clear software update patterns that can be used for profiling processes.
