Recommendation-guided Cyber Threat Analysis using System Audit Records
This paper covers ShadeWatcher, a novel approach to recommendation-based threat detection. We aim to break down the various components used in ShadeWatcher and make them more accessible to a general audience. Furthermore, the paper contains inferred explanations for aspects that the original paper does not discuss. The paper does not contain an evaluation because of missing comparative data. Nonetheless, we will discuss the current concept's caveats and opportunities.
The project is structured as follows:
- figures: Contains all figures used in the paper
- paper: Contains the `.pdf` files
- sections: Contains the `.typ` files for each section
- experiments: Contains files to reproduce ShadeWatcher
  - `setup`: prepares the folder
  - `build`: builds the docker image
  - `run`: starts the docker container
  - `stop`: stops the docker container
  - `todo.sh`: additional stuff to run scripts in the container