ProvSec: Open Cybersecurity System Provenance Analysis Benchmark Dataset with Labels-Reference-Cited by-同舟云学术

ProvSec: Open Cybersecurity System Provenance Analysis Benchmark Dataset with Labels

Published:2023-11-15 Issue:2 Volume:11 Page:112-123
ISSN:2211-7938
Container-title:International Journal of Networked and Distributed Computing
language:en
Short-container-title:Int J Netw Distrib Comput

Author:

Shrestha Madhukar,Kim Yonghyun,Oh Jeehyun,Rhee Junghwan^ORCID,Choe Yung Ryn,Zuo Fei,Park Myungah,Qian Gang

Abstract

AbstractSystem provenance forensic analysis has been studied by a large body of research work. This area needs fine granularity data such as system calls along with event fields to track the dependencies of events. While prior work on security datasets has been proposed, we found a useful dataset of realistic attacks and details that are needed for high-quality provenance tracking is lacking. We created a new dataset of eleven vulnerable cases for system forensic analysis. It includes the full details of system calls including syscall parameters. Realistic attack scenarios with real software vulnerabilities and exploits are used. For each case, we created two sets of benign and adversary scenarios which are manually labeled for supervised machine-learning analysis. In addition, we present an algorithm to improve the data quality in the system provenance forensic analysis. We demonstrate the details of the dataset events and dependency analysis of our dataset cases.

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Computer Science Applications

Link

https://link.springer.com/content/pdf/10.1007/s44227-023-00014-9.pdf

Reference54 articles.

1. Bloomberg (2021) Colonial pipeline paid hackers nearly 5 million in ransom, https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom/. Accessed 11 Nov 2023

2. Reuters (2021) Toshibas european business hit by cyberattack, https://www.reuters.com/business/autos-transportation/toshibas-european-business-hit-by-cyberattack-source-2021-05-14/. Accessed 11 Nov 2023

3. Schools BP (2021) Cybersecurity attack on the buffalo public schools, https://www.buffaloschools.org/cms/lib/NY01913551/Centricity/Domain/8/Cybersecurity%20Update%203-15-21.pdf. Accessed: 03 Dec 2023

4. Magazine S (2021) Now ransomware is inundating public school systems, https://www.securitymagazine.com/articles/95164-now-ransomware-is-inundating-public-school-systems. Accessed: 11 Nov 2023

5. Oklahoma N (2021) Tulsa system shutdown alters backside operations ransomware attack still being investigated, https://www.kjrh.com/news/local-news/tulsa-system-shutdown-alters-backside-operations-ransomware-attack-still-being-investigated. Accessed 11 Nov 2023