Rafael Uetz (@ru37z)'s Twitter Profile
Rafael Uetz

@ru37z

Intrusion detection, machine learning, or something completely different.
Researcher @Fraunhofer_FKIE (tweets are my own).

ID: 1349857751065890818

Joined: 14-01-2021 23:16:33

72 Tweets

48 Followers

54 Following

Rafael Uetz (@ru37z)

We just released version 1.0.0 of AMIDES, our system for detecting SIEM rule evasions in enterprise networks, right after being awarded all achievable badges in the #usesec24 Artifact Evaluation! 🤩🤩🤩

Big thanks to the awesome artifact eval committee!

github.com/fkie-cad/amide…

Florian Roth ⚡️ (@cyb3rops)

I have finally found the time to update my "Log Sources" slide with input from Thomas Patzke phantinuss Daniel Stinson Josh Brower & others

Changes
- added EDR, cloud & IdP logs
- rewrote the texts in the legend
- updated values

#SIEM

github.com/Neo23x0/Talks/…

Malpedia (@malpedia)

We just deployed several updates to Malpedia. 1) There is now an RSS feed available. 2) Microsoft Threat Intelligence threat actor names have been integrated as aliases. 3) Family pages have links to VirusTotal collections. 4) Library entries indicate if the article language is not English.

Rafael Uetz (@ru37z)

We just released a comprehensive overview of datasets for research in intrusion detection! Contributions welcome, please share! github.com/fkie-cad/intru…

Rafael Uetz (@ru37z)

Here's our new USENIX ;login: article, essentially a loose summary of our Security '24 paper. We show that threat detection in enterprise networks suffers from blind spots through SIEM rule evasion and present a mitigation called Adaptive Misuse Detection. usenix.org/publications/l…

Rafael Uetz (@ru37z)

Our overview of intrusion detection datasets now features a Related Work page with links and descriptions to surveys and dataset collections. More to come, contributions welcome! fkie-cad.github.io/intrusion-dete…

ACSAC (@acsac_conf)

Security research is often criticized for poor reproducibility, but with #ACSAC2024 we hope to contribute to changing that! This is the first time we explicitly solicit #Reproduction and #Replication papers, and we encourage everyone to submit: acsac.org/2024/submissio…

Rafael Uetz (@ru37z)

Release 1.2.0 adds more datasets to our overview of intrusion detection datasets: CIC DoS, CIC-DDoS2019, gureKddcup, and User-Computer Authentication Associations in Time. fkie-cad.github.io/intrusion-dete…

Rafael Uetz (@ru37z)

New blog post: My colleague Louis analyzes how #Sigma rules may miss malicious PowerShell scripts due to unpredictable fragmentation of script block logs: lolcads.github.io/posts/2024/04/…

Rafael Uetz (@ru37z)

Intrusion Detection Datasets 1.3.0 now allows for CSV download so you can sort/filter entries and create statistics or plots. fkie-cad.github.io/intrusion-dete…

Rafael Uetz (@ru37z)

Intrusion Detection Datasets v1.4.0 is online with three new datasets described (ISOT Botnet, UNIBS, UWF-ZeekData22) and new, nice & shiny statistics plots! fkie-cad.github.io/intrusion-dete…

Rafael Uetz (@ru37z)

AMIDES 1.0.1 fixes a few minor bugs and improves the README file, particularly adding a TL;DR section for the eager users out there. 😁 github.com/fkie-cad/amide…

Nasreddine Bencherchali (@nas_bench)

In a recent discussion on SigmaHQ, L015H4CK (Louis) brought up a topic that is often forgotten or ignored: the idea that PowerShell ScriptBlock logs can and will be split into different "blocks" if the script is large enough (i.e. the size of one block exceeds the size of

Rafael Uetz (@ru37z)

Our continuous survey of intrusion detection datasets is now called COMIDDS! Version 1.5.0 adds the number of citations for each surveyed dataset as well as three new datasets (AWID, OD-IDS2022, and SR-BH 2020): fkie-cad.github.io/COMIDDS/2024-0…

Rafael Uetz (@ru37z)

Looking forward to the USENIX Security Symposium and the preceding CSET Workshop next week, where I will present AMIDES (arxiv.org/abs/2311.10197) and COMIDDS (formerly Intrusion Detection Datasets, arxiv.org/abs/2408.02521), respectively. 🤗

Martin Henze (@mrtnhnz)

Arrived in wonderful Philly to attend #usesec24 and #cset. If you are around come by and discuss any cool topics related to security of industrial networks / cyber-physical systems / IoT and/or intrusion detection (or simply to say hi to Spicy, our group mascot). 1/2

Rafael Uetz (@ru37z)

We received a Distinguished Artifact Award for our #usesec24 paper "You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks"! 😊 usenix.org/conference/use…