Por favor, use este identificador para citar o enlazar este ítem:
http://hdl.handle.net/11531/106942Registro completo de metadatos
| Campo DC | Valor | Lengua/Idioma |
|---|---|---|
| dc.contributor.author | Pérez Sánchez, Antonio | es-ES |
| dc.contributor.author | Palacios Hielscher, Rafael | es-ES |
| dc.date.accessioned | 2025-11-05T15:29:26Z | - |
| dc.date.available | 2025-11-05T15:29:26Z | - |
| dc.date.issued | 2023-06-23 | es_ES |
| dc.identifier.uri | http://hdl.handle.net/11531/106942 | - |
| dc.description | Capítulos en libros | es_ES |
| dc.description.abstract | es-ES | |
| dc.description.abstract | The detection and classification of threats in computer systems has been one of the main problems researched in Cybersecurity. As technology evolves, the tactics employed by adversaries have also become more sophisticated to evade detection systems. In consequence, systems that previously detected and classified those threats are now outdated. This paper proposes a detection system based on the analysis of events and matching the risk level with the MITRE ATT&CK matrix and Cyber Kill Chain. Extensive testing of attacks, using nine malware codes and applying three different obfuscation techniques, was performed. Each malicious code was analyzed using the proposed event management system and also executed in a controlled environment to examine if commercial malware detection systems (antivirus) were successful. The results show that evading techniques such as obfuscation and in-memory extraction of malicious payloads, impose unexpected difficulties to standard antivirus software. | en-GB |
| dc.language.iso | en-GB | es_ES |
| dc.publisher | Instituto Nacional de Ciberseguridad; Universidade de Vigo (Vigo, España) | es_ES |
| dc.rights | es_ES | |
| dc.rights.uri | es_ES | |
| dc.source | Libro: VIII Jornadas Nacionales de Investigación en Ciberseguridad - JNIC 2023, Página inicial: 569-570, Página final: | es_ES |
| dc.subject.other | Instituto de Investigación Tecnológica (IIT) | es_ES |
| dc.title | Evaluation of local security event management system vs. standard antivirus software | es_ES |
| dc.type | info:eu-repo/semantics/bookPart | es_ES |
| dc.description.version | info:eu-repo/semantics/publishedVersion | es_ES |
| dc.rights.accessRights | info:eu-repo/semantics/restrictedAccess | es_ES |
| dc.keywords | es-ES | |
| dc.keywords | SIEM; antivirus; event-based threat detection; MITRE; Cyber Kill Chain | en-GB |
| Aparece en las colecciones: | Artículos | |
Ficheros en este ítem:
No hay ficheros asociados a este ítem.
Los ítems de DSpace están protegidos por copyright, con todos los derechos reservados, a menos que se indique lo contrario.