Questions tagged [anomaly-detection]
28 questions
34 votes, 4 answers
Which security measures do PyPI and similar third-party software repositories take?
PyPI is a third-party software repository for Python packages. Everybody can upload packages to it (see The Python Package Index (PyPI)).
How does PyPI prevent people from uploading malware?
When I am searching for software, how can I be (more)…
Martin Thoma
8 votes, 2 answers
Anomaly-based Malware Detection in Web Applications
I am partly responsible for the security and malware detection (in general) of a huge number of hosting accounts. Our methods rely heavily on signature-based detection provided by ClamAV for which we have also created a pretty decent signature…
McJohnson
7 votes, 2 answers
Detecting Process Hollowing
I was brainstorming methods of detecting process hollowing and other forms of code injection, and this one seemed pretty robust.
Would it be possible for a "process hollowing scanner" to enumerate all the executable pages in a process' memory,…
exosphere
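As an added example (not code from the question above, which is about Windows process hollowing), here is the mapping-level half of such a scanner written for Linux: it parses `/proc/<pid>/maps` and flags executable regions whose attributes do not look like a normally loaded image (anonymous RWX memory, executable heap or stack, code backed by a file that was unlinked after loading). It does not compare page contents against the on-disk image, which needs `/proc/<pid>/mem` access and is the stronger check. The sample maps text is constructed; the field layout is the real `/proc/<pid>/maps` format.

```python
"""Mapping-level scan for injected executable memory on Linux.

Added example (not from the post, which concerns Windows process hollowing):
it reads /proc/<pid>/maps and flags executable regions whose attributes do not
look like a normally loaded image. The sample maps text below is constructed.
"""
import re
from dataclasses import dataclass

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"[0-9a-f]+\s+[0-9a-f]+:[0-9a-f]+\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Kernel-provided regions: always anonymous, never a sign of injection.
KERNEL_REGIONS = {"[vdso]", "[vsyscall]", "[vvar]"}


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    inode: int
    path: str


def parse_maps(text: str) -> list[Mapping]:
    """Parse maps-file text into Mapping records (unparseable lines are skipped)."""
    out = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            out.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                               m["perms"], int(m["inode"]), m["path"].strip()))
    return out


def suspicious_exec_regions(mappings: list[Mapping]) -> list[tuple[Mapping, list[str]]]:
    """Return executable mappings together with the reasons they look injected."""
    findings = []
    for mp in mappings:
        if "x" not in mp.perms or mp.path in KERNEL_REGIONS:
            continue
        reasons = []
        if "w" in mp.perms:
            reasons.append("writable+executable")
        if mp.inode == 0 and mp.path == "":
            reasons.append("anonymous executable (no backing file)")
        if mp.path in ("[heap]", "[stack]"):
            reasons.append(f"executable {mp.path}")
        if mp.path.endswith("(deleted)"):
            reasons.append("backed by a deleted file")
        if reasons:
            findings.append((mp, reasons))
    return findings


def scan_pid(pid: int) -> list[tuple[Mapping, list[str]]]:
    """Scan a live process (requires permission to read its maps file)."""
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_exec_regions(parse_maps(fh.read()))


# Constructed sample: a normal binary, one RWX anonymous region, and one
# executable region whose backing file was unlinked after it was mapped.
SAMPLE_MAPS = """\
55d1c0a00000-55d1c0a01000 r--p 00000000 fd:01 1310722 /usr/bin/sleep
55d1c0a01000-55d1c0a05000 r-xp 00001000 fd:01 1310722 /usr/bin/sleep
55d1c2100000-55d1c2121000 rw-p 00000000 00:00 0 [heap]
7f3c9e000000-7f3c9e021000 rwxp 00000000 00:00 0
7f3c9e400000-7f3c9e5c8000 r-xp 00000000 fd:01 1052123 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c9e800000-7f3c9e810000 r-xp 00000000 fd:01 9999 /tmp/loader.so (deleted)
7ffd5a2e3000-7ffd5a304000 rw-p 00000000 00:00 0 [stack]
7ffd5a3c0000-7ffd5a3c2000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for mp, why in suspicious_exec_regions(parse_maps(SAMPLE_MAPS)):
        print(f"{mp.start:x}-{mp.end:x} {mp.perms} {mp.path or '<anon>'}: {', '.join(why)}")
```

Treat the output as a triage signal rather than proof: JIT engines (browsers, Java, some interpreters) legitimately create anonymous executable regions, so a whitelist of known JIT hosts, or a follow-up content comparison against the on-disk ELF, is needed before alerting.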
3 votes, 2 answers
Datasets dedicated for SIEM systems
I am looking for data sets published by researchers or freelancers which can be used for the purpose of SIEM testing and evaluations. The goal is to test the classification (and later correlation) for this system.
Some researchers used Packet…
U. User
3 votes, 3 answers
Basic security checklist for using an open-source library
I've recently started working with web applications, and the ones developed by our team seem to use a lot of external components for different minor functionality (e.g. a scrolling slider bar, a markdown editor ...)
The only "security" mechanism…
Jedi
2 votes, 2 answers
Anomaly detection in HTTP REFERER
I'm trying to put some anomaly detection in place and I'm looking at referrer data (I know that this is optional, and can be fudged in some circumstances). But I'm seeing too many cases of what I believe to be false positives.
From rfc2616:
The…
symcbean
2 votes, 1 answer
How safe is ePSXe?
For the last few weeks, my roommate dove back into his childhood by playing his old PS1 games with an emulator I set up for him: ePSXe 2.0.5 for Windows.
A few days ago, he came back to me saying that the software "disappeared". I checked and…
Larry N.
2 votes, 0 answers
How to make a successful mimicry attack when normal clusters are very small?
Anomaly-detection IDSs are sometimes designed to prevent mimicry attacks.
After the algorithm has done the clustering, there might be few and small clusters. The attacker will have problems with generating malicious samples that can be clustered as…
Aizzaac
2 votes, 1 answer
How to monitor traffic/capture packets on your network?
Say you have a basic LAN infrastructure (a router, a firewall, a switch connected with multiple access points, a server and multiple clients).
I want to be able to detect malicious traffic flowing through the network by studying the packets…
Programmer1994
2 votes, 0 answers
Measuring real effectiveness of Machine Learning based IDS
I am currently investigating the effectiveness of Intrusion Detection/Prevention Systems that are backed by Machine Learning rather than traditional signature-based detection mechanisms, so that the system learns from anomalies in the network.
I have…
user3727438
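One measurement a practitioner would want before trusting a detection rate quoted for an ML-based IDS is how its false-positive rate behaves at the real base rate of attacks. As an added example (not from the question or any particular IDS), the block below computes TPR/FPR from a labelled evaluation set and then projects them onto a production event mix; the labels, scores and traffic volumes are constructed numbers.

```python
"""Evaluate an ML/anomaly IDS at its deployment base rate.

Added example, not from the post. Labels, scores and traffic volumes below are
constructed; a real evaluation uses held-out traffic with ground truth.
"""
from dataclasses import dataclass


@dataclass
class Metrics:
    tp: int
    fp: int
    tn: int
    fn: int

    @property
    def tpr(self) -> float:          # detection rate / recall
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def fpr(self) -> float:          # false-alarm rate on benign events
        return self.fp / (self.fp + self.tn) if self.fp + self.tn else 0.0

    @property
    def precision(self) -> float:    # precision on the evaluation set only
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0


def confusion(labels, scores, threshold) -> Metrics:
    """labels: 1 = attack, 0 = benign; an event raises an alert when score >= threshold."""
    tp = fp = tn = fn = 0
    for y, s in zip(labels, scores):
        alert = s >= threshold
        if y and alert:
            tp += 1
        elif y:
            fn += 1
        elif alert:
            fp += 1
        else:
            tn += 1
    return Metrics(tp, fp, tn, fn)


def deployment_projection(m: Metrics, events_per_day: float, attack_rate: float) -> dict:
    """Project measured TPR/FPR onto a realistic mix of benign and attack events.

    attack_rate is the fraction of production events that are attacks. It is
    usually far smaller than in a test set, so precision measured on the test
    set overstates what analysts will see (the base-rate fallacy).
    """
    attacks = events_per_day * attack_rate
    benign = events_per_day - attacks
    true_alerts = attacks * m.tpr
    false_alerts = benign * m.fpr
    total = true_alerts + false_alerts
    return {
        "true_alerts_per_day": true_alerts,
        "false_alerts_per_day": false_alerts,
        "deployed_precision": true_alerts / total if total else 0.0,
    }


# Constructed evaluation set: 8 benign and 2 attack events with model scores.
LABELS = [0, 0, 0, 0, 0, 0, 0, 0, 1, 1]
SCORES = [0.10, 0.20, 0.30, 0.35, 0.40, 0.60, 0.45, 0.20, 0.90, 0.55]

if __name__ == "__main__":
    m = confusion(LABELS, SCORES, threshold=0.5)
    print(f"test set: TPR={m.tpr:.3f} FPR={m.fpr:.3f} precision={m.precision:.3f}")
    # Assumed production mix: 1M events/day, one in 100k is an attack.
    print(deployment_projection(m, events_per_day=1_000_000, attack_rate=1e-5))
```

With the constructed numbers the model looks fine on the test set (100% detection, two thirds precision), yet at a one-in-100,000 attack rate the same 12.5% false-positive rate produces roughly 125,000 false alarms per day against 10 real ones, which is the figure that decides whether the system is usable.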
2 votes, 0 answers
Google Chrome wants to connect to an unknown IP
On my Mac, when I run Google Chrome it wants to connect to an unknown domain on port 80; for example, some of the domain names are: cccpveut, fuflavlorxna, crqzzif, etc. They all appear to be first-level domain names... it seems very strange... All domains pointing…
Stackuser
2 votes, 1 answer
iLivid infection/ iLivid behaviour analysis
Although lots of surveys and reports have been done on iLivid by lots of malware analyzers, I decided to inspect iLivid independent of previous research.
I have read lots of reports about iLivid but when I proceed to survey I download iLivid from…
Mohammadreza
1 vote, 1 answer
OWASP CRS anomaly scoring, ModSecurity WAF
I'm getting into OWASP CRS with ModSecurity and was investigating the way OWASP calculates the anomaly score; in REQUEST-901-INITIALIZATION.conf they set the following lines…
Murad
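As an added example (not CRS's own code) of how the values initialised in REQUEST-901-INITIALIZATION.conf are used: the severity weights and inbound threshold below are the CRS 3.x defaults (critical 5, error 4, warning 3, notice 2, inbound threshold 5, paranoia level 1); each detection rule adds its severity's weight to the running score with `setvar`, and the blocking evaluation rule blocks when the accumulated score reaches the threshold (`@ge`). The matched rules are constructed and use placeholder IDs, not real CRS rule IDs.

```python
"""OWASP CRS-style inbound anomaly scoring, reimplemented for illustration.

Added example, not CRS code. Severity weights and thresholds are the CRS 3.x
defaults from REQUEST-901-INITIALIZATION.conf; the rule matches below are
constructed, and their IDs are placeholders rather than real CRS rule IDs.
"""
from dataclasses import dataclass

# tx.critical_anomaly_score / tx.error_anomaly_score / ... defaults
SEVERITY_SCORE = {"CRITICAL": 5, "ERROR": 4, "WARNING": 3, "NOTICE": 2}
DEFAULT_INBOUND_THRESHOLD = 5   # tx.inbound_anomaly_score_threshold
DEFAULT_PARANOIA_LEVEL = 1      # tx.paranoia_level


@dataclass(frozen=True)
class RuleMatch:
    rule_id: int          # placeholder ID (constructed)
    severity: str         # CRITICAL / ERROR / WARNING / NOTICE
    paranoia_level: int   # rule is only evaluated when configured PL >= this


def inbound_score(matches, paranoia_level=DEFAULT_PARANOIA_LEVEL):
    """Sum the severity weights of matched rules active at the configured paranoia level.

    Mirrors each CRS detection rule doing setvar:tx.anomaly_score=+%{tx.<severity>_anomaly_score}.
    """
    score = 0
    contributing = []
    for m in matches:
        if m.paranoia_level > paranoia_level:
            continue                      # rule is skipped entirely at this PL
        score += SEVERITY_SCORE[m.severity.upper()]
        contributing.append(m.rule_id)
    return score, contributing


def blocking_decision(matches, paranoia_level=DEFAULT_PARANOIA_LEVEL,
                      threshold=DEFAULT_INBOUND_THRESHOLD):
    """Emulate the blocking evaluation rule: block when score >= threshold (@ge)."""
    score, ids = inbound_score(matches, paranoia_level)
    return {"score": score, "blocked": score >= threshold, "rules": ids}


# Constructed request A: one critical hit plus a notice-level hit, both PL1.
REQUEST_A = [RuleMatch(999001, "CRITICAL", 1), RuleMatch(999002, "NOTICE", 1)]
# Constructed request B: only low-severity hits, one of them a PL2 rule.
REQUEST_B = [RuleMatch(999003, "WARNING", 1), RuleMatch(999004, "NOTICE", 2)]

if __name__ == "__main__":
    print("A @ PL1:", blocking_decision(REQUEST_A))
    print("B @ PL1:", blocking_decision(REQUEST_B))
    print("B @ PL2:", blocking_decision(REQUEST_B, paranoia_level=2))
    # Tuning phase: raise the threshold so only multiple hits block.
    print("A @ PL1, threshold 10:", blocking_decision(REQUEST_A, threshold=10))
```

Two consequences worth checking in a real deployment: a single CRITICAL match already reaches the default threshold of 5, so a false positive on one critical rule blocks the request unless the threshold is raised or the rule excluded; and raising the paranoia level activates additional rules, which raises scores for the same traffic. The example ignores the separate outbound score and the per-paranoia-level score variables that CRS 3.1+ combines in the blocking evaluation file.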
1 vote, 0 answers
Is there a difference between malware detection using automata and family behavior graph?
Is there a difference between dynamic malware detection using automata and family behavior - graph?
I think that they are both relying on API function calls but I don't understand if there is any major difference between them.
If you're not sure…
Gavriel Sayag
1 vote, 3 answers
Svchost without name using 50% CPU and can't access "Service tab"
I recently downloaded some trash software (even though I normally do not), and just after that did a Windows 10 update. After this, when I was booting my computer, my CPU cooler (ventirad, I guess) was running faster and faster (like an exponential).
So I watched…
Chaveex