Authors: M. Reza H. Iman 1 ; Pavel Chikul 2 ; Gert Jervan 1 ; Hayretdin Bahsi 2 and Tara Ghasempouri 1

Affiliations: 1 Department of Computer Systems, Tallinn University of Technology, Tallinn, Estonia ; 2 Centre for Digital Forensics and Cyber Security, Tallinn University of Technology, Tallinn, Estonia

Keyword(s): NTFS, USN Journal, Forensics, Pattern Recognition, Association Rule Mining, Anomaly Detection.

Abstract: The NTFS USN Journal records changes to the files, directories, and streams of a volume for various purposes, including backup. Although this data source is considered a significant artifact in digital forensic investigations, its use for automatic malicious behavior detection is less explored. This paper applies temporal association rule mining to data obtained from the NTFS USN Journal to detect malicious behavior. The proposed method extracts association rules from two data sources, one containing normal behavior and the other malicious behavior. The obtained rules, which embed the sequence information of the journal events, are compared with respect to their support and confidence values to identify those indicating malicious behavior. The method is applied to a ransomware case to demonstrate its feasibility in finding relevant rules based on USN Journal activities.
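The following is an added illustration of the approach the abstract describes, not code from the paper or its authors. It uses a simplified record model (USN, file reference, one reason name per record), constructed sample sessions, and a rule "a is followed by b within a window of records of the same file"; the window size, the support-delta and confidence thresholds, and the comparison rule are assumptions chosen for the example, not the paper's parameters. The reason names follow the USN_REASON_* flag names.

```python
"""Temporal association rules over NTFS USN Journal records (added example).

Record model (simplified, assumed for this example): (usn, file_reference, reason).
A real USN_RECORD carries a reason bitmask; here each record holds one reason
name so the per-file sequences stay readable. All records are constructed.
"""
from collections import defaultdict


def _session(files, usn_start=1):
    """Build (usn, file_reference, reason) records from per-file reason lists.
    Constructed helper for building sample data, not a USN Journal parser."""
    records, usn = [], usn_start
    for fid, reasons in files:
        for reason in reasons:
            records.append((usn, fid, reason))
            usn += 1
    return records


# Constructed "normal" session: a user creating, extending and renaming files.
NORMAL_RECORDS = _session([
    (100, ["DATA_EXTEND", "CLOSE"]),
    (101, ["FILE_CREATE", "DATA_EXTEND", "CLOSE"]),
    (102, ["DATA_OVERWRITE", "CLOSE"]),
    (103, ["RENAME_OLD_NAME", "RENAME_NEW_NAME", "CLOSE"]),
    (104, ["FILE_CREATE", "DATA_EXTEND", "CLOSE"]),
    (105, ["DATA_OVERWRITE", "DATA_EXTEND", "CLOSE"]),
])

# Constructed "malicious" session: six files overwritten in place and then
# renamed, plus one newly created file (the kind of activity a ransomware
# case leaves in the journal).
_ENCRYPT_RENAME = ["DATA_OVERWRITE", "DATA_EXTEND",
                   "RENAME_OLD_NAME", "RENAME_NEW_NAME", "CLOSE"]
MALICIOUS_RECORDS = _session(
    [(fid, _ENCRYPT_RENAME) for fid in range(200, 206)]
    + [(206, ["FILE_CREATE", "DATA_EXTEND", "CLOSE"])]
)


def file_sequences(records):
    """Group records by file reference; each file's reasons ordered by USN."""
    by_file = defaultdict(list)
    for _usn, fid, reason in sorted(records):
        by_file[fid].append(reason)
    return list(by_file.values())


def mine_temporal_rules(records, window=3):
    """Return {(a, b): (support, confidence)} for rules "a is followed by b
    within `window` records of the same file".
    support(a->b)  = fraction of files whose sequence contains the ordered pair
    confidence     = support(a->b) / support(a)
    Each pair is counted at most once per file, as in sequence-level support."""
    seqs = file_sequences(records)
    n = len(seqs)
    item_count = defaultdict(int)
    pair_count = defaultdict(int)
    for seq in seqs:
        seen_pairs = set()
        for i, a in enumerate(seq):
            for b in seq[i + 1:i + 1 + window]:
                seen_pairs.add((a, b))
        for item in set(seq):
            item_count[item] += 1
        for pair in seen_pairs:
            pair_count[pair] += 1
    return {(a, b): (c / n, c / item_count[a]) for (a, b), c in pair_count.items()}


def anomalous_rules(normal, malicious, min_support_delta=0.5, min_confidence=0.8):
    """Rules that are strong in the malicious data (confidence >= min_confidence)
    and far more frequent there than in the normal data (support rise >=
    min_support_delta). A rule absent from the normal data has support 0."""
    normal_rules = mine_temporal_rules(normal)
    malicious_rules = mine_temporal_rules(malicious)
    flagged = {}
    for rule, (m_sup, m_conf) in malicious_rules.items():
        n_sup, n_conf = normal_rules.get(rule, (0.0, 0.0))
        if m_conf >= min_confidence and m_sup - n_sup >= min_support_delta:
            flagged[rule] = {"normal": (n_sup, n_conf), "malicious": (m_sup, m_conf)}
    return flagged


if __name__ == "__main__":
    for (a, b), stats in sorted(anomalous_rules(NORMAL_RECORDS, MALICIOUS_RECORDS).items()):
        n_sup, n_conf = stats["normal"]
        m_sup, m_conf = stats["malicious"]
        print(f"{a} -> {b}: normal sup={n_sup:.2f} conf={n_conf:.2f} | "
              f"malicious sup={m_sup:.2f} conf={m_conf:.2f}")
```

Run as a script it lists the rules whose support jumps between the two sessions, for example DATA_OVERWRITE -> RENAME_NEW_NAME, which never occurs in the normal session but holds for six of seven files in the malicious one, while a rule common to both sessions such as DATA_EXTEND -> CLOSE is not flagged. With real journal data the reason bitmask would be split into its flags and the per-file grouping would use the 64-bit file reference number.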

CC BY-NC-ND 4.0


Paper citation in several formats:
H. Iman, M.; Chikul, P.; Jervan, G.; Bahsi, H. and Ghasempouri, T. (2023). Anomalous File System Activity Detection Through Temporal Association Rule Mining. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-624-8; ISSN 2184-4356, SciTePress, pages 733-740. DOI: 10.5220/0011805100003405

@conference{icissp23,
author={M. Reza {H. Iman} and Pavel Chikul and Gert Jervan and Hayretdin Bahsi and Tara Ghasempouri},
title={Anomalous File System Activity Detection Through Temporal Association Rule Mining},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP},
year={2023},
pages={733-740},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011805100003405},
isbn={978-989-758-624-8},
issn={2184-4356},
}

TY - CONF
JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP
TI - Anomalous File System Activity Detection Through Temporal Association Rule Mining
SN - 978-989-758-624-8
IS - 2184-4356
AU - H. Iman, M.
AU - Chikul, P.
AU - Jervan, G.
AU - Bahsi, H.
AU - Ghasempouri, T.
PY - 2023
SP - 733
EP - 740
DO - 10.5220/0011805100003405
PB - SciTePress