[HN Gopher] Process behaviour anomaly detection using eBPF and u...
___________________________________________________________________

Process behaviour anomaly detection using eBPF and unsupervised learning

Author : megahz
Score  : 62 points
Date   : 2022-08-15 16:02 UTC (6 hours ago)

(HTM) web link (www.evilsocket.net)
(TXT) w3m dump (www.evilsocket.net)

| brodouevencode wrote:
| The GitHub link if you just want to look at the code:
| https://github.com/evilsocket/ebpf-process-anomaly-detection

| nibbleshifter wrote:
| Hmmm, there are interesting possibilities here to build a kind of
| application-IDS.
|
| Execute and monitor a program/app while running its full test
| suite, to generate a model of all the stuff that program normally
| does.
|
| Then monitor it in prod and if it starts behaving weirdly, kill
| it (and investigate).
|
| I wonder how well the models will hold up against attacks that
| merely exercise normal application functions in unusual ways?
___________________________________________________________________
(page generated 2022-08-15 23:00 UTC)
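The baseline-then-monitor idea nibbleshifter sketches, as an added example that is not part of the thread or of evilsocket's project: per-window syscall counts collected during a test-suite run are learned without labels, then production windows are scored for deviation. The per-syscall z-score model, the threshold of 4.0 and every sample window are assumptions made here; the counts are constructed and stand in for what an eBPF sys_enter tracepoint would aggregate.

```python
from math import sqrt

# Constructed per-window syscall counts (assumption, not real telemetry), standing
# in for what an eBPF sys_enter tracepoint would aggregate during the test-suite run.
TRAINING_WINDOWS = [
    {"read": 40, "write": 12, "openat": 5, "close": 5, "mmap": 2},
    {"read": 38, "write": 15, "openat": 6, "close": 6, "mmap": 1},
    {"read": 42, "write": 11, "openat": 4, "close": 4, "mmap": 2},
    {"read": 39, "write": 13, "openat": 5, "close": 5, "mmap": 3},
    {"read": 41, "write": 14, "openat": 6, "close": 6, "mmap": 2},
]

def normalize(window):
    """Turn raw counts into per-syscall fractions so window length does not matter."""
    total = sum(window.values())
    return {name: count / total for name, count in window.items()} if total else {}

class SyscallBaseline:
    """Unsupervised baseline: mean and std of each syscall's share across windows."""

    def __init__(self, windows):
        vectors = [normalize(w) for w in windows]
        self.names = sorted({name for v in vectors for name in v})
        n = len(vectors)
        self.mean, self.std = {}, {}
        for name in self.names:
            shares = [v.get(name, 0.0) for v in vectors]
            mu = sum(shares) / n
            var = sum((x - mu) ** 2 for x in shares) / n
            self.mean[name] = mu
            # Floor the spread so a syscall with constant share cannot divide by ~0.
            self.std[name] = max(sqrt(var), 1e-3)

    def score(self, window):
        """Return (max |z| over known syscalls, list of syscalls never seen in training)."""
        v = normalize(window)
        unseen = sorted(name for name in v if name not in self.mean)
        z = max(abs(v.get(name, 0.0) - self.mean[name]) / self.std[name]
                for name in self.names)
        return z, unseen

    def is_anomalous(self, window, threshold=4.0):
        """Flag a window if it uses a syscall absent from the baseline or its mix is skewed."""
        z, unseen = self.score(window)
        return bool(unseen) or z > threshold
```

A window that introduces a syscall the test suite never exercised, or that badly skews the mix, is flagged; an attack that keeps the same syscall frequencies is invisible to a histogram model like this one, so catching it needs argument- or sequence-level features, which is the limit the commenter's last question points at.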