[HN Gopher] Process behaviour anomaly detection using eBPF and u...
___________________________________________________________________
Process behaviour anomaly detection using eBPF and unsupervised
learning
Author : megahz
Score : 62 points
Date : 2022-08-15 16:02 UTC (6 hours ago)
(HTM) web link (www.evilsocket.net)
(TXT) w3m dump (www.evilsocket.net)
| brodouevencode wrote:
| The github link if you just want to look at the code:
| https://github.com/evilsocket/ebpf-process-anomaly-detection
| nibbleshifter wrote:
| Hmmm, there are interesting possibilities here to build a kind of
| application-IDS.
|
| Execute and monitor a program/app while running its full test
| suite, to generate a model of all the stuff that program normally
| does.
|
| Then monitor it in prod and if it starts behaving weirdly, kill
| it (and investigate).
|
| I wonder how well the models will hold up against attacks that
| merely exercise normal application functions in unusual ways?
___________________________________________________________________
(page generated 2022-08-15 23:00 UTC)