Almecija, M. Valerio (2024) A new threat detection method based on Windows events management system. Dataset pre-processing for introducing machine learning techniques PRE - Projet de recherche, ENSTA.
Aucun fichier n'a encore été téléchargé pour ce document.
Résumé
In the past decades, the antivirus systems have become more efficient and in response and, as a result, the adversary techniques also became more sophisticated to evade them, using different obfuscation techniques. Classic detection systems are now outdated. This project proposes a detection system based on the analysis of events captured by the operative system and matching them with the MITRE ATT&CK matrix and the Cyber Kill Chain. With the objective of automating and improving the detection system, a dataset of malicious and non-malicious events was created. The internship presented in this report consisted of a preliminary analysis of the dataset, its exploration and pre-analysis, with the future goal of training an autoencoder to improve the detection system.
| Type de document: | Rapport ou mémoire (PRE - Projet de recherche) |
|---|---|
| Mots-clés libres: | dataset, MITRE ATT&CK, Cyber Kill Chain, event-based threat detection, autoencoders, Windows |
| Sujets: | Sciences et technologies de l'information et de la communication |
| Code ID : | 9961 |
| Déposé par : | Valerio ALMECIJA |
| Déposé le : | 30 juill. 2024 10:15 |
| Dernière modification: | 30 juill. 2024 10:15 |
