Versenden
Drucken
Bouhlal, Badr-Eddine und Sonnekalb, Tim und Gruner, Bernd und Brust, Clemens-Alexander (2024) User-agent as a Cyber Intrusion Artifact: Detection of APT Activity using minimal Anomalies on the User-agent String Traffic. In: 16th ZEUS Workshop on Sercices and their Composition, ZEUS 2024, 3673 (16), Seiten 63-72. CEUR Workshop. 16th Central European Workshop on Services and their Composition, 2024-02-29 - 2024-03-01, Ulm, germany. ISSN 1613-0073.
![[img]](https://elib.dlr.de/style/images/fileicons/application_pdf.png) |
PDF
954kB |
Offizielle URL: https://ceur-ws.org/Vol-3673/
Kurzfassung
The detection of attacks, especially persistent intrusions, relies on a combination of various artifacts. Despite being manipulable, the user-agent string, a component of HTTP headers, has proven to be a tool for triggering alerts, thereby enhancing detection capabilities. In this paper, we perform a review and analysis of existing malicious user agent strings. We gather relevant data from different sources of threat intelligence and present a dataset of user-agent strings associated with malicious activities gathered from real incident reports. We also propose a categorization of existing user-agent string anomalies with respect to their type (e.g., syntax) and their complexity degree
| elib-URL des Eintrags: | https://elib.dlr.de/204149/ | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dokumentart: | Konferenzbeitrag (Vortrag) | ||||||||||||||||||||
| Titel: | User-agent as a Cyber Intrusion Artifact: Detection of APT Activity using minimal Anomalies on the User-agent String Traffic | ||||||||||||||||||||
| Autoren: |
| ||||||||||||||||||||
| Datum: | 2024 | ||||||||||||||||||||
| Erschienen in: | 16th ZEUS Workshop on Sercices and their Composition, ZEUS 2024 | ||||||||||||||||||||
| Referierte Publikation: | Ja | ||||||||||||||||||||
| Open Access: | Ja | ||||||||||||||||||||
| Gold Open Access: | Nein | ||||||||||||||||||||
| In SCOPUS: | Ja | ||||||||||||||||||||
| In ISI Web of Science: | Nein | ||||||||||||||||||||
| Band: | 3673 | ||||||||||||||||||||
| Seitenbereich: | Seiten 63-72 | ||||||||||||||||||||
| Herausgeber: |
| ||||||||||||||||||||
| Verlag: | CEUR Workshop | ||||||||||||||||||||
| Name der Reihe: | Proceedings of the 16th ZEUS Workshop on Services and their Composition (ZEUS 2024) | ||||||||||||||||||||
| ISSN: | 1613-0073 | ||||||||||||||||||||
| Status: | veröffentlicht | ||||||||||||||||||||
| Stichwörter: | User-agent string (UAS), Advanced persistent threat (APT), Intrusion detection, Machine learning | ||||||||||||||||||||
| Veranstaltungstitel: | 16th Central European Workshop on Services and their Composition | ||||||||||||||||||||
| Veranstaltungsort: | Ulm, germany | ||||||||||||||||||||
| Veranstaltungsart: | Workshop | ||||||||||||||||||||
| Veranstaltungsbeginn: | 29 Februar 2024 | ||||||||||||||||||||
| Veranstaltungsende: | 1 März 2024 | ||||||||||||||||||||
| HGF - Forschungsbereich: | keine Zuordnung | ||||||||||||||||||||
| HGF - Programm: | keine Zuordnung | ||||||||||||||||||||
| HGF - Programmthema: | keine Zuordnung | ||||||||||||||||||||
| DLR - Schwerpunkt: | Digitalisierung | ||||||||||||||||||||
| DLR - Forschungsgebiet: | D KIZ - Künstliche Intelligenz | ||||||||||||||||||||
| DLR - Teilgebiet (Projekt, Vorhaben): | D - CausalAnomalies | ||||||||||||||||||||
| Standort: | Jena | ||||||||||||||||||||
| Institute & Einrichtungen: | Institut für Datenwissenschaften > Datengewinnung und -mobilisierung | ||||||||||||||||||||
| Hinterlegt von: | Bouhlal, Badr-Eddine | ||||||||||||||||||||
| Hinterlegt am: | 21 Jun 2024 13:23 | ||||||||||||||||||||
| Letzte Änderung: | 24 Jun 2024 09:57 |
Nur für Mitarbeiter des Archivs: Kontrollseite des Eintrags
