Almecija, M. Valerio (2024) A new threat detection method based on Windows events management system. Dataset pre-processing for introducing machine learning techniques PRE - Research Project, ENSTA.
Full text not available from this repository.
Abstract
Over the past decades antivirus systems have become more effective and, in response, adversary techniques have grown more sophisticated, using a range of obfuscation techniques to evade them. Classic detection systems are now outdated. This project proposes a detection system based on the analysis of events captured by the operating system, matching them against the MITRE ATT&CK matrix and the Cyber Kill Chain. With the objective of automating and improving detection, a dataset of malicious and non-malicious events was created. The internship presented in this report consisted of a preliminary analysis of that dataset, its exploration and pre-processing, with the future goal of training an autoencoder to improve the detection system.
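The abstract describes two steps that the thesis leaves unspecified here: tagging captured Windows events with ATT&CK techniques, and pre-processing them into the fixed-length numeric vectors an autoencoder consumes. The following Python is an added illustration of that pipeline, not the thesis's code or dataset. The event IDs (1102, 4624, 4625, 4688, 4698, 7045) and ATT&CK technique IDs are real, but the mapping rules are a deliberately reduced, hand-picked table rather than the full matrix, the sample events are constructed, and grouping by (Computer, User) with min-max scaling is one reasonable design choice among several.

```python
"""Turn Windows event records into ATT&CK-tagged, fixed-length feature vectors.

Added example (not the thesis's code): real Windows Security/System event IDs and
real ATT&CK technique IDs, but a reduced illustrative rule table and constructed
sample events.
"""
import re
from collections import Counter, defaultdict

# Count columns of the feature vector (real Windows event IDs):
# 1102 audit log cleared, 4624 logon, 4625 failed logon, 4688 process creation,
# 4698 scheduled task created, 7045 new service installed.
TRACKED_EVENT_IDS = (1102, 4624, 4625, 4688, 4698, 7045)

# Flag columns: the ATT&CK technique IDs the rules in tag_event() can emit.
TECHNIQUES = ("T1027", "T1053.005", "T1059.001", "T1070.001", "T1110", "T1543.003")


def make_event(event_id, computer, user, command_line=""):
    """Minimal event record: the subset of Windows event XML fields used here."""
    return {"EventID": event_id, "Computer": computer, "User": user, "CommandLine": command_line}


# Constructed sample events, not taken from the thesis dataset.
SAMPLE_EVENTS = [
    make_event(4624, "WS01", "alice"),
    make_event(4688, "WS01", "alice", r"C:\Windows\explorer.exe"),
    make_event(4688, "WS01", "alice", r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE report.docx"),
    make_event(4688, "WS01", "alice", r"C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE"),
    make_event(4624, "WS02", "svc_backup"),
    make_event(4688, "WS02", "svc_backup", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    make_event(4688, "WS02", "svc_backup", r"schtasks.exe /create /tn Updater /tr C:\Users\Public\u.exe /sc onlogon"),
    make_event(4698, "WS02", "svc_backup"),
    make_event(1102, "WS02", "svc_backup"),
    make_event(4625, "WS03", "administrator"),
    make_event(4625, "WS03", "administrator"),
    make_event(4625, "WS03", "administrator"),
]


def tag_event(event):
    """Return the set of ATT&CK technique IDs a single event is evidence for.

    Reduced, hand-picked rule table for illustration; a real system matches the
    whole matrix and usually needs context (e.g. repeated 4625s) rather than
    one event.
    """
    techs = set()
    eid = event["EventID"]
    cmd = event.get("CommandLine", "").lower()
    if eid == 1102:
        techs.add("T1070.001")  # Indicator Removal: Clear Windows Event Logs
    elif eid == 4625:
        techs.add("T1110")      # Brute Force (a single 4625 is only weak evidence)
    elif eid == 4698 or (eid == 4688 and "schtasks" in cmd):
        techs.add("T1053.005")  # Scheduled Task/Job: Scheduled Task
    elif eid == 7045:
        techs.add("T1543.003")  # Create or Modify System Process: Windows Service
    if eid == 4688:
        if re.search(r"\bpowershell(\.exe)?\b|\bpwsh\b", cmd):
            techs.add("T1059.001")  # Command and Scripting Interpreter: PowerShell
        if re.search(r"\s-(e|ec|enc|encodedcommand)\s", cmd):
            techs.add("T1027")      # Obfuscated Files or Information (encoded command)
    return techs


def build_features(events):
    """Group events per (Computer, User) and emit one raw vector per group:
    [count per tracked EventID ..., 0/1 flag per technique ...]."""
    groups = defaultdict(list)
    for event in events:
        groups[(event["Computer"], event["User"])].append(event)
    vectors = {}
    for key, evs in groups.items():
        counts = Counter(e["EventID"] for e in evs)
        techs = set().union(*(tag_event(e) for e in evs))
        vectors[key] = [counts.get(eid, 0) for eid in TRACKED_EVENT_IDS] + \
                       [1 if t in techs else 0 for t in TECHNIQUES]
    return vectors


def scale(vectors):
    """Column-wise min-max scaling to [0, 1], the input range an autoencoder with
    sigmoid outputs reconstructs well. Constant columns map to 0.0."""
    keys = list(vectors)
    ncol = len(vectors[keys[0]])
    lo = [min(vectors[k][j] for k in keys) for j in range(ncol)]
    hi = [max(vectors[k][j] for k in keys) for j in range(ncol)]
    return {k: [(v[j] - lo[j]) / (hi[j] - lo[j]) if hi[j] > lo[j] else 0.0
                for j in range(ncol)] for k, v in vectors.items()}


if __name__ == "__main__":
    for key, vec in scale(build_features(SAMPLE_EVENTS)).items():
        print(key, [round(x, 3) for x in vec])
```

The flag columns are what ties the numeric representation back to the ATT&CK matrix the abstract mentions: an autoencoder trained only on benign sessions should reconstruct the WS01 vector well and produce a large reconstruction error on WS02, whose encoded PowerShell, scheduled task and cleared audit log light up four technique flags at once. The labelling (benign vs malicious) needed to evaluate that would come from the dataset itself and is not part of this example.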
| Item Type: | Thesis (PRE - Research Project) |
|---|---|
| Uncontrolled Keywords: | dataset, MITRE ATT&CK, Cyber Kill Chain, event-based threat detection, autoencoders, Windows |
| Subjects: | Information and Communication Sciences and Technologies |
| ID Code: | 9961 |
| Deposited By: | Valerio ALMECIJA |
| Deposited On: | 30 Jul 2024 10:15 |
| Last Modified: | 30 Jul 2024 10:15 |