/SecAcademic

记录我的安全学术学习

SecAcademic

入侵检测相关学术会议/期刊

  1. RAID International Symposium on Recent Advances in Intrusion Detection
  2. DIMVA Detection of Intrusions and Malware &Vulnerability Assessment
  3. ISC Information Security Conference
  4. SEC IFIP International Information Security Conference
  5. SCN Security and Communication Networks CCF C类/中科院4区
  6. TrustCom IEEE International Conference on Trust,Security and Privacy in Computing and Communications CCF C类/中科院4区
  7. NDSS ISOC Network and Distributed System Security Symposium
  8. IJICS International Journal of Information and Computer Security
  9. IJISP International Journal of Information Security and Privacy

近年异常(入侵)检测类学术文章

  1. Cyber intrusion detection by combined feature selection algorithm 基于组合特征和聚类算法的入侵检测(KDD99)
  2. Discovering and utilising expert knowledge from security event logs 主机事件挖掘
  3. Intrusion response prioritization based on fuzzy ELECTRE multiple criteria decision making technique
  4. A novel honeypot based security approach for real-time intrusion detection and prevention systems 基于蜜罐的实时入侵检测系统
  5. Identifying irregularities in security event logs through an object-based Chi-squared test of independence 识别安全事件中的违规行为
  6. Distance Measurement Methods for Improved Insider Threat Detection 企业内部威胁检测
  7. Defending against the Advanced Persistent Threat: An Optimal Control Approach 基于最佳控制的APT防御方案
  8. Network Intrusion Detection with Threat Agent Profiling 基于Threat Agent Profiling的网络入侵检测
  9. Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders 自编码器网络入侵检测
  10. An Approach for Internal Network Security Metric Based on Attack Probability 基于攻击概率的内部安全评估
  11. LA-GRU: Building Combined Intrusion Detection Model Based on Imbalanced Learning and Gated Recurrent Unit Neural Network 解决了数据不平衡的入侵检测模型
  12. A Closer Look at Intrusion Detection System for Web Applications 针对Web应用的入侵检测
  13. Network Intrusion Detection Method Based on PCA and Bayes Algorithm 基于PCA和贝叶斯的网络入侵检测
  14. Symmetry Degree Measurement and its Applications to Anomaly Detection 对称度量在异常检测中的应用
  15. An Intelligence-Driven Security-Aware Defense Mechanism for Advanced Persistent Threats 基于Lyapunov的,以威胁情报为后盾的态势感知
  16. A survey of network-based intrusion detection data sets 基于网络入侵检测数据集调查
  17. CorrCorr: A feature selection method for multivariate correlation network anomaly detection techniques 基于网络入侵检测的特征选择方法
  18. How to trick the Borg: threat models against manual and automated techniques for detecting network attacks
  19. Firefly algorithm based feature selection for network intrusion detection 入侵检测特征选择
  20. Dynamic log file analysis: An unsupervised cluster evolution approach for anomaly detection 基于无监督动态日志分析的异常检测
  21. A training-resistant anomaly detection system 反对抗机器学习入侵检测
  22. A systematic survey on multi-step attack detection 对多阶段攻击检测技术的调查
  23. Saving energy in aggressive intrusion detection through dynamic latency sensitivity recognition
  24. A novel architecture combined with optimal parameters for back propagation neural networks applied to anomaly network intrusion detection 反向传播算法入侵检测
  25. https://www.sciencedirect.com/science/article/pii/S0167404817302274?via%3Dihub 入侵检测特征选择
  26. A survey of intrusion detection systems based on ensemble and hybrid classifiers 对基于集成和混合分类器的入侵检测调查
  27. MADE: Security Analytics for Enterprise Threat Detection 基于日志检测恶意软件活动
  28. A Reinforcement Learning Approach for Attack Graph Analysis 基于强化学习的攻击图分析
  29. Profiling Network Traffic Behavior for the Purpose of Anomaly-Based Intrusion Detection 基于流量行为的异常检测
  30. Insider Threat Detection Through Attributed Graph Clustering 基于属性图聚类的内部威胁检测
  31. Unsupervised Feature Selection Method for Intrusion Detection System 入侵检测系统中的无监督学习特征选择
  32. Big Data Analytics for Detecting Host Misbehavior in Large Logs 从日志中分析主机的不当行为
  33. An Efficient and Scalable Intrusion Detection System on Logs of Distributed Applications 基于分布式日志的入侵检测
  34. Process Discovery for Industrial Control System Cyber Attack Detection 工控系统入侵检测
  35. Visualization of Intrusion Detection Alarms Collected from Multiple Networks 入侵检测系统告警信息可视化
  36. Slop: Towards an Efficient and Universal Streaming Log Parser 高效的日志流解析器
  37. A Linguistic Approach Towards Intrusion Detection in Actual Proxy Logs 在代理日志中进行入侵检测
  38. A Transparent Learning Approach for Attack Prediction Based on User Behavior Analysis 基于用户行为预测攻击
  39. Towards a Timely Causality Analysis for Enterprise Security 基于因果关系分析的企业内部安全检测
  40. Anomaly detection through information sharing under different topologies 基于拓扑间信息共享的异常检测
  41. Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection 多步攻击检测
  42. Detecting lateral spear phishing attacks in organisations 横向鱼叉钓鱼检测
  43. Detecting new generations of threats using attribute-based attack graph 基于属性图的下一代威胁检测
  44. Network intrusion detection algorithm based on deep neural network 基于深度神经网络的入侵检测
  45. Detecting anomalous traffic in the controlled network based on cross entropy and support vector machine 基于交叉熵和SVM的网络入侵检测
  46. Tightroping between APT and BCI in small enterprises 小型企业APT与业务信息之间的关联
  47. Sequential pattern analysis for event-based intrusion detection 基于事件的恶意入侵序列特征分析
  48. Development of an efficient classifier using proposed sensitivity-based feature selection technique for intrusion detection system 入侵检测特征选择技术
  49. Building an Effective Approach toward Intrusion Detection Using Ensemble Feature Selection 基于集合特征选择的入侵检测

APT攻击检测专题

  1. HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows 基于细粒度事件关系图的APT攻击检测,算法为自设计评分模型
  2. ATLAS: A Sequence-based Learning Approach for Attack Investigation 基于因果图构建APT攻击行为检测序列实现攻击检测

横向移动专题

  1. Lateral Movement Detection Using Distributed Data Fusion 基于数据融合的横向移动检测
  2. An Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement 无监督多检测点的横向移动检测
  3. Proposed Framework for Network Lateral Movement Detection Based On User Risk Scoring in SIEM 基于评分模型的横向移动检测
  4. Latte: Large-Scale Lateral Movement Detection 大规模横向移动检测
  5. A Novel Approach for Identifying Lateral Movement Attacks Based on Network Embedding 基于网络嵌入的横向移动检测
  6. Quantitative security analysis of a dynamic network system under lateral movement-based attacks 基于横向移动攻击的动态网络模型评估
  7. Facing lateral movements using widespread behavioral probes 使用行为探针检测横向移动
  8. Real-Time Lateral Movement Detection Based on Evidence Reasoning Network for Edge Computing Environment 基于证据推理的实时横向移动检测
  9. A Machine Learning Approach for RDP-based Lateral Movement Detection 基于RDP的横向移动检测(滑铁卢大学硕士学位论文)
  10. CERT-EU_SWP_17-002_Lateral_Movements 欧洲应急响应中心的关于横向移动检测的报告
  11. Detecting Lateral Movement Through Tracking Event Logs_version2 日本国家应急响应中心的通过日志检测横向移动的报告
  12. https://jpcertcc.github.io/ToolAnalysisResultSheet/ 日本国家应急响应中心对横向移动各类工具日志检测的结果
  13. Detecting Lateral Movement in Enterprise Computer Networks with Unsupervised Graph AI 基于异构图边预测的横向移动检测

基于主机日志(事件)类学术论文

  1. Discovering and utilising expert knowledge from security event logs主机事件挖掘
  2. Identifying irregularities in security event logs through an object-based Chi-squared test of independence识别安全事件中的违规行为
  3. Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks 从各类安全事件(告警)日志中提取有价值信息

Web安全类学术文章(CCF 会议期刊ABC)

  1. SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel
  2. SQL injection attacks - a systematic review SQL注入检测综述

恶意软件类

  1. Classification of malware families based on runtime behaviors
  2. A Feature Extraction Method of Hybrid Gram for Malicious Behavior Based on Machine Learning
  3. Malware Detection on Byte Streams of PDF Files Using Convolutional Neural Networks
  4. A Novel Immune-Inspired Shellcode Detection Algorithm Based on Hyperellipsoid Detectors. Shellcode检测
  5. Detecting Malware with an Ensemble Method Based on Deep Neural Network 恶意软件检测
  6. ALDOCX: Detection of Unknown Malicious Microsoft Office Documents Using Designated Active Learning Methods Based on New Structural Feature Extraction Methodology 恶意Office文档检测
  7. Survey of machine learning techniques for malware analysis 对恶意软件分析技术的调查
  8. Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning 深度学习恶意软件检测
  9. From big data to knowledge: A spatio-temporal approach to malware detection 基于时间、空间关联信息的恶意软件检测
  10. A malware detection method based on family behavior graph 基于家族行为图的恶意软件检测
  11. Using side channel TCP features for real-time detection of malware connections TCP侧信道检测恶意软件通信
  12. DECANTeR: DEteCtion of Anomalous outbouNd HTTP TRaffic by Passive Application Fingerprinting 恶意HTTP通信检测
  13. Countering Malicious Processes with Process-DNS Association 基于DNS的恶意进程检测
  14. Polymorphic malware detection using sequence classification methods and ensembles 使用序列分类方法和集成进行多态恶意软件检测
  15. Malware classification based on API calls and behaviour analysis 基于API调用的恶意软件分类
  16. Mining malicious behavioural patterns 挖掘恶意软件的行为模式
  17. Behavioral Modeling of Malicious Objects in a Highly Infected Network Under Quarantine Defence 高度隔离环境下的恶意软件行为分析

DDOS检测

  1. MLP-GA based algorithm to detect application layer DDoS attack
  2. An event based technique for detecting spoofed IP packets
  3. A DDoS Attack Detection Method Based on SVM in Software Defined Network
  4. Preventing Distributed Denial-of-Service Flooding Attacks With Dynamic Path Identifiers 基于动态路径标识的DDOS防御
  5. HADEC: Hadoop-based live DDoS detection framework. 基于hadoop的DDOS检测

域名类

  1. An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis 基于DNS流量不平衡的恶意域名检测
  2. Issues and challenges in DNS based botnet detection: A survey 僵尸网络DNS隧道的调查
  3. Detection of malicious and low throughput data exfiltration over the DNS protocol DNS隧道检测
  4. DomainChroma: Building actionable threat intelligence from malicious domain names 通过恶意域名构建威胁情报
  5. Toward secure name resolution on the internet 下一代安全名称解析协议
  6. DNS Tunneling Detection Method Based on Multilabel Support Vector Machine DNS通信隧道检测
  7. Detecting DNS Tunnel through Binary-Classification Based on Behavior Features DNS隧道检测
  8. Getting Under Alexa’s Umbrella: Infiltration Attacks Against Internet Top Domain Lists
  9. Fast Flux Service Network Detection via Data Mining on Passive DNS Traffic
  10. A Deep Learning Based Online Malicious URL and DNS Detection Scheme 基于深度学习的恶意URL和DNS检测
  11. Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs 恶意域检测

爬虫检测

  1. Detection Method for Distributed Web-Crawlers: A Long-Tail Threshold Model 分布式爬虫检测

防御类

  1. Misery Digraphs: Delaying Intrusion Attacks in Obscure Clouds 云架构上的欺骗防御
  2. https://ieeexplore.ieee.org/document/8325528 大型网络动态防御技术

其他

  1. Automatic Identification of Honeypot Server Using Machine Learning Techniques 基于机器学习的蜜罐识别
  2. https://www.csuldw.com/2019/03/24/2019-03-24-anomaly-detection-introduction/ 八大无监督异常检测技术
  3. http://sofasofa.io/tutorials/anomaly_detection/ 利用Autoencoder进行无监督异常检测
  4. https://www.ibm.com/developerworks/cn/cognitive/library/cc-unsupervised-learning-data-classification/index.html 用于数据分类的无监督学习

数据集

  1. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=508099 内部威胁检测
  2. https://csr.lanl.gov/data/cyber1/
  3. https://vizsec.org/data/
  4. https://github.com/logpai/loghub
  5. https://snap.stanford.edu/data/index.html 斯坦福大学数据集

恶意软件分析平台

  1. https://www.virustotal.com/gui/home/upload
  2. http://habo.qq.com
  3. https://analyze.intezer.com/
  4. https://app.any.run/
  5. https://www.hybrid-analysis.com/
  6. https://malwr.com/
  7. http://www.securitytalk.xyz/sample
  8. https://www.reverse.it/
  9. https://bazaar.abuse.ch/browse/
  10. https://labs.inquest.net/