SysCall Dataset: A Dataset for Context Modeling and Anomaly Detection using System Calls
| Main Author: | Ezeme, Okwudili |
|---|---|
| Other Authors: | Mahmoud, Qusay, Azim, Akramul, Lescisin, Michael |
| Format: | Dataset |
| Terbitan: |
Mendeley
, 2019
|
| Subjects: | |
| Online Access: |
https:/data.mendeley.com/datasets/vfvw7g8s8h |
| ctrlnum |
0.17632-vfvw7g8s8h.2 |
|---|---|
| fullrecord |
<?xml version="1.0"?>
<dc><creator>Ezeme, Okwudili</creator><title>SysCall Dataset: A Dataset for Context Modeling and Anomaly Detection using System Calls</title><publisher>Mendeley</publisher><description>Context modeling and anomaly detection use abstractions from the processes and applications to create state-transition graphs that verify system performance. However, this approach of model performance verification is limited as state explosion problem forces designers to use process abstraction which does not capture the intricate interactions amongst the processes, the hardware, and the kernel during execution. Also, the timing constraints of some process executions are challenging to model using the simple state-transition graphs.
In this paper, we describe a dataset of system call events from an uncrewed aerial vehicle (UAV) which capture the order and type of system calls as well as the timestamp of the system call events as the UAV operates in a simulated platform. Since processes call the system call events, then an ingenious reverse engineering process of using the system call events generated by each process1 can be used to audit the behavior of the application. The system call events provide an in-depth view of the process interactions while the timestamp of the events helps in modeling timing requirements during process execution.
The UAV application is modeled using state machines, and as the application operates from the start state to the end state, we record the system call events and the timestamp of the events using the process identifiers, and other IDs that show that the monitored process generated the system call event. We package the UAV application, the instrumentation script, and the Bochs CPU emulator into a Docker container for the ease of generating datasets (similar to field datasets) in the laboratory with minimal cost. Therefore, the dataset is useful for in-depth modern cyber-threat analysis.</description><subject>Machine Learning</subject><subject>Artificial Intelligence Applications</subject><subject>Applied Computer Science</subject><subject>Learning Context</subject><contributor>Mahmoud, Qusay</contributor><contributor>Azim, Akramul</contributor><contributor>Lescisin, Michael</contributor><type>Other:Dataset</type><identifier>10.17632/vfvw7g8s8h.2</identifier><rights>Creative Commons Attribution 4.0 International</rights><rights>http://creativecommons.org/licenses/by/4.0</rights><relation>https:/data.mendeley.com/datasets/vfvw7g8s8h</relation><date>2019-11-09T03:34:30Z</date><recordID>0.17632-vfvw7g8s8h.2</recordID></dc>
|
| format |
Other:Dataset Other |
| author |
Ezeme, Okwudili |
| author2 |
Mahmoud, Qusay Azim, Akramul Lescisin, Michael |
| title |
SysCall Dataset: A Dataset for Context Modeling and Anomaly Detection using System Calls |
| publisher |
Mendeley |
| publishDate |
2019 |
| topic |
Machine Learning Artificial Intelligence Applications Applied Computer Science Learning Context |
| url |
https:/data.mendeley.com/datasets/vfvw7g8s8h |
| contents |
Context modeling and anomaly detection use abstractions from the processes and applications to create state-transition graphs that verify system performance. However, this approach of model performance verification is limited as state explosion problem forces designers to use process abstraction which does not capture the intricate interactions amongst the processes, the hardware, and the kernel during execution. Also, the timing constraints of some process executions are challenging to model using the simple state-transition graphs.
In this paper, we describe a dataset of system call events from an uncrewed aerial vehicle (UAV) which capture the order and type of system calls as well as the timestamp of the system call events as the UAV operates in a simulated platform. Since processes call the system call events, then an ingenious reverse engineering process of using the system call events generated by each process1 can be used to audit the behavior of the application. The system call events provide an in-depth view of the process interactions while the timestamp of the events helps in modeling timing requirements during process execution.
The UAV application is modeled using state machines, and as the application operates from the start state to the end state, we record the system call events and the timestamp of the events using the process identifiers, and other IDs that show that the monitored process generated the system call event. We package the UAV application, the instrumentation script, and the Bochs CPU emulator into a Docker container for the ease of generating datasets (similar to field datasets) in the laboratory with minimal cost. Therefore, the dataset is useful for in-depth modern cyber-threat analysis. |
| id |
IOS7969.0.17632-vfvw7g8s8h.2 |
| institution |
Universitas Islam Indragiri |
| affiliation |
onesearch.perpusnas.go.id |
| institution_id |
804 |
| institution_type |
library:university library |
| library |
Teknologi Pangan UNISI |
| library_id |
2816 |
| collection |
Artikel mulono |
| repository_id |
7969 |
| city |
INDRAGIRI HILIR |
| province |
RIAU |
| shared_to_ipusnas_str |
1 |
| repoId |
IOS7969 |
| first_indexed |
2020-04-08T08:31:42Z |
| last_indexed |
2020-04-08T08:31:42Z |
| recordtype |
dc |
| _version_ |
1686587763054346240 |
| score |
17.538404 |