A4 Peer-reviewed article in conference proceedings

Towards Profiling Program Instances in Host-Based Intrusion Detection Systems by Recognizing Software Update Patterns




Authors: Koivunen L, Rauti S, Leppänen V

Editor: Pete Burnap et al.

Established conference name: International Conference on Security of Information and Networks

Publisher: ACM

Publication year: 2018

Book title: Proceedings of the 11th International Conference on Security of Information and Networks

Number in series: Article no. 21

ISBN: 978-1-4503-6608-3

DOI: https://doi.org/10.1145/3264437.3264486

Web address: http://doi.acm.org/10.1145/3264437.3264486


Abstract

Host intrusion detection systems are used to analyze internal events on host machines and detect behavioral patterns that differ from normal operation of the system and its processes. One important aspect in observing the behavior of processes is application updates, which may change the behavior of an application but also potentially help to build a profile for the application when observing its update patterns. In this study, we observe update frequencies and patterns of a set of applications on 100 machines during an analysis period of 100 days. Our preliminary results indicate that it is possible to detect clear software update patterns that can be used for profiling processes.




Last updated on 2024-26-11 at 14:45