Vatcharanun Moonkhaen. A centralized system for detecting attacks from Windows event logs. King Mongkut's University of Technology North Bangkok, Central Library, 2023.
A centralized system for detecting attacks from Windows event logs
Abstract:
Although Microsoft has released Windows 10 and 11, many personal computers worldwide are still running the old Windows 7 version without security patches installed, which leaves them open to exploitation by attackers. In this paper, we propose a lightweight system called SHIRO to detect Windows attacks from Windows event logs. It aims to detect attacks on Windows 7 clients by focusing on the three most critical Common Vulnerabilities and Exposures (CVEs): CVE-2017-0143 (EternalBlue), CVE-2017-0199 (HTA), and CVE-2019-0708 (BlueKeep). To validate the proposed system, we emulate various attacks and generate a dataset for each attack type. A log server then collects the Windows event logs from each client. We identify attacks by comparing the logs obtained during attacks with the logs obtained during normal operation, and from specific event IDs we develop a detection signature for each CVE. Once SHIRO finds an attack signature in the records, it identifies the attack type and alerts the administrator. Our experiments, based on both pre-generated datasets and real-time attacks, confirm that SIDRO can detect the three types of attacks accurately. The experimental results show that SIDRO helps the administrator find compromised Windows machines efficiently.
King Mongkut's University of Technology North Bangkok, Central Library
Address: Bangkok
Email: library@kmutnb.ac.th
Created: 2023
Modified: 2024-12-11
Issued: 2024-12-11
Type: Article
Format: application/pdf
Bibliographic citation: In Electrical Engineering Academic Association (Thailand), Mahasarakham University Faculty of Engineering, and ASEFA, The 2023 International Electrical Engineering Congress (iEECON 2023) (pp. 367-371). Mahasarakham: Mahasarakham University.