dc.date.accessioned | 2023-04-17T15:35:30Z | |
dc.date.available | 2023-04-17T15:35:30Z | |
dc.date.created | 2023-03-28T07:51:31Z | |
dc.date.issued | 2023 | |
dc.identifier.citation | Gjerstad, Julie; Kadiric, Fikret; Grov, Gudmund; Kjellstadli, Espen Hammer; Asprusten, Markus Leira. LADEMU: a modular & continuous approach for generating labelled APT datasets from emulations. 2022 IEEE International Conference on Big Data. 2023 IEEE (Institute of Electrical and Electronics Engineers) | |
dc.identifier.uri | http://hdl.handle.net/10852/101925 | |
dc.description.abstract | Development and evaluation of data-driven capabilities for both threat hunting and intrusion detection require high-quality and up-to-date datasets. The generation of such datasets poses multiple challenges, which has led to a general lack of suitable datasets for this domain. One such difficulty is the ability to correctly label each datapoint at a suitable level of granularity. In this paper, we argue that the challenges faced when labelling datasets can to some degree be decoupled from realistic emulations of up-to-date attacks and benign behaviours. We propose a modular labelling approach that can be combined with existing emulation platforms that provide the necessary details used for labelling. A proof-of-concept implementation is provided with our LADEMU (Labelled Apt Datasets from EMUlations) tool, which is integrated with the Mitre CALDERA emulation platform and uses the GHOSTS framework for benign behaviour. LADEMU captures both host and network logs and labels them at a sufficient level of detail to separate the various attack steps. This provides dataset support for the development of data-driven APT, multi-step and kill-chain capabilities. As a case, LADEMU is used to generate a labelled dataset from an intelligence-driven emulation plan of an advanced persistent threat (APT) group. | |
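The labelling idea in the abstract, labelling captured host logs per attack step using the details the emulation platform already records, as an added example that is not code from the LADEMU tool or the paper. It assumes a simplified operation report (constructed here; not CALDERA's real report schema) in which each step records its host, start and finish time and ATT&CK technique, and constructed host log lines of the form `<timestamp> <host> <event>`. Events are joined to steps on host and time window (with a small clock slack), everything unmatched is labelled benign, and overlapping steps on one host are rejected so the dataset is not silently mislabelled:

```python
"""Label host log events with the emulation attack step that produced them.

Added example, not LADEMU's code. The report format below is a constructed
stand-in for what an emulation platform exports per attack step; the real
CALDERA report schema differs and is not reproduced here.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed stand-in for an emulation operation report (not real CALDERA output).
OPERATION_REPORT = json.dumps({
    "operation": "apt-emulation-demo",
    "steps": [
        {"step": 1, "host": "ws01", "technique": "T1082",
         "start": "2023-03-01T10:00:00Z", "finish": "2023-03-01T10:00:05Z"},
        {"step": 2, "host": "ws01", "technique": "T1087.001",
         "start": "2023-03-01T10:00:30Z", "finish": "2023-03-01T10:00:34Z"},
        {"step": 3, "host": "srv01", "technique": "T1021.002",
         "start": "2023-03-01T10:05:00Z", "finish": "2023-03-01T10:05:20Z"},
    ],
})

# Constructed host log lines: "<timestamp> <host> <event text>".
HOST_LOG = """\
2023-03-01T09:59:50Z ws01 ProcessCreate explorer.exe -> chrome.exe
2023-03-01T10:00:01Z ws01 ProcessCreate cmd.exe -> systeminfo.exe
2023-03-01T10:00:31Z ws01 ProcessCreate cmd.exe -> net.exe user
2023-03-01T10:00:31Z srv01 ProcessCreate svchost.exe -> taskhostw.exe
2023-03-01T10:05:07Z srv01 NetworkConnect 10.0.0.5:49812 -> 10.0.0.9:445
2023-03-01T10:05:21Z srv01 ProcessCreate cmd.exe -> net.exe use
2023-03-01T10:06:00Z srv01 ProcessCreate services.exe -> wuauclt.exe
"""


@dataclass(frozen=True)
class Step:
    step: int
    host: str
    technique: str
    start: datetime
    finish: datetime


def parse_ts(s: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in both the report and the log."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def load_steps(report_json: str) -> list[Step]:
    """Turn the (assumed) operation report into Step records."""
    report = json.loads(report_json)
    return [Step(s["step"], s["host"], s["technique"],
                 parse_ts(s["start"]), parse_ts(s["finish"]))
            for s in report["steps"]]


def check_non_overlapping(steps: list[Step], slack: timedelta) -> None:
    """Labels are only unambiguous if steps on the same host do not overlap
    once the clock slack is added on both sides; fail loudly otherwise."""
    by_host: dict[str, list[Step]] = {}
    for s in steps:
        by_host.setdefault(s.host, []).append(s)
    for host, host_steps in by_host.items():
        host_steps.sort(key=lambda s: s.start)
        for prev, nxt in zip(host_steps, host_steps[1:]):
            if nxt.start - slack <= prev.finish + slack:
                raise ValueError(f"steps {prev.step} and {nxt.step} overlap on {host}")


def label_event(ts: datetime, host: str, steps: list[Step], slack: timedelta) -> str:
    """Join one event to a step on host and time window; unmatched is benign.
    The slack absorbs small clock skew between the agent and the log source."""
    for s in steps:
        if s.host == host and s.start - slack <= ts <= s.finish + slack:
            return f"step{s.step}:{s.technique}"
    return "benign"


def label_events(log_text: str, steps: list[Step],
                 slack: timedelta = timedelta(seconds=2)) -> list[tuple[str, str]]:
    """Return (log_line, label) pairs for every non-empty line in the log."""
    check_non_overlapping(steps, slack)
    labelled = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_str, host, _event = line.split(" ", 2)
        labelled.append((line, label_event(parse_ts(ts_str), host, steps, slack)))
    return labelled


if __name__ == "__main__":
    for line, label in label_events(HOST_LOG, load_steps(OPERATION_REPORT)):
        print(f"{label:18} {line}")
```

Two details matter for dataset quality: the join is on host and time, so the srv01 event that is simultaneous with step 2 on ws01 stays benign, and the slack window is what decides whether telemetry written a second after a step finishes is attributed to it. Both are parameters a dataset card should state.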
dc.language | EN | |
dc.publisher | IEEE (Institute of Electrical and Electronics Engineers) | |
dc.title | LADEMU: a modular & continuous approach for generating labelled APT datasets from emulations | |
dc.title.alternative | LADEMU: a modular & continuous approach for generating labelled APT datasets from emulations | |
dc.type | Chapter | |
dc.creator.author | Gjerstad, Julie | |
dc.creator.author | Kadiric, Fikret | |
dc.creator.author | Grov, Gudmund | |
dc.creator.author | Kjellstadli, Espen Hammer | |
dc.creator.author | Asprusten, Markus Leira | |
cristin.unitcode | 185,15,5,75 | |
cristin.unitname | DIS Digital Infrastructure and Security | |
cristin.ispublished | true | |
cristin.fulltext | postprint | |
dc.identifier.cristin | 2137404 | |
dc.identifier.bibliographiccitation | info:ofi/fmt:kev:mtx:ctx&ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.btitle=2022 IEEE International Conference on Big Data&rft.spage=&rft.date=2023 | |
dc.identifier.pagecount | 1000 | |
dc.identifier.doi | https://doi.org/10.1109/BigData55660.2022.10020549 | |
dc.type.document | Book chapter | |
dc.type.peerreviewed | Peer reviewed | |
dc.source.isbn | 978-1-6654-8045-1 | |
dc.type.version | AcceptedVersion | |
cristin.btitle | 2022 IEEE International Conference on Big Data | |