Almecija, M. Valerio (2024) A new threat detection method based on Windows events management system. Dataset pre-processing for introducing machine learning techniques PRE - Projet de recherche, ENSTA.


Abstract

In the past decades, antivirus systems have become more effective and, in response, adversary techniques have become more sophisticated, using a variety of obfuscation techniques to evade them. Classic detection systems are now outdated. This project proposes a detection system based on the analysis of events captured by the operating system and on matching them against the MITRE ATT&CK matrix and the Cyber Kill Chain. With the objective of automating and improving the detection system, a dataset of malicious and non-malicious events was created. The internship presented in this report consisted of a preliminary analysis of the dataset, its exploration and pre-processing, with the future goal of training an autoencoder to improve the detection system.

Document type: Report or thesis (PRE - Projet de recherche)
Uncontrolled keywords: dataset, MITRE ATT&CK, Cyber Kill Chain, event-based threat detection, autoencoders, Windows
Subjects: Information and communication sciences and technologies
ID code: 9961
Deposited by: Valerio ALMECIJA
Deposited on: 30 Jul 2024 10:15
Last modified: 30 Jul 2024 10:15
