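% Bibliography export: security-research publications and talks
% (process hiding in malware, process-behaviour classification).
% Layout: one entry per block, one field per line, fields in a fixed order.
% The keywords and note fields carry the exporter's tags and are kept verbatim.

% Journal article.
% - doi holds a shortDOI alias, not the full registered DOI. Store the full
%   DOI once it is confirmed against the publisher record.
% - volume, number and pages are absent from this export.
% - The dash in the title is written as the TeX ligature -- so the printed
%   field stays ASCII under classic 8-bit toolchains.
@article{eresheim_evolution_2017,
  author   = {Eresheim, Sebastian and Luh, Robert and Schrittwieser, Sebastian},
  title    = {The {Evolution} of {Process} {Hiding} {Techniques} in {Malware} -- {Current} {Threats} and {Possible} {Countermeasures}},
  journal  = {Journal of Information Processing},
  year     = {2017},
  doi      = {10/gh3722},
  note     = {Projekt: TARGET},
  keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed},
}

% Presentation records (misc entries).
% NOTE(review): address appears to hold the venue rather than a publisher
% city. Standard classic styles typically do not print address for misc
% entries, so confirm the venue is rendered under the style in use.
@misc{eresheim_process_2019,
  author   = {Eresheim, Sebastian},
  title    = {Process {Behaviour} {Classification}},
  year     = {2019},
  month    = feb,
  address  = {FH St. Pölten},
  keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, SP IT Sec System \& Application Security, Wiss. Beitrag},
}

@misc{luh_google_2018,
  author   = {Luh, Robert and Eresheim, Sebastian},
  title    = {Google {Hacking}},
  year     = {2018},
  month    = jan,
  address  = {FH St. Pölten},
  keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, Vortrag},
}

% Same title as the 2019 record above but a different year and address.
% Presumably a separate presentation, not a duplicate; confirm before merging.
@misc{eresheim_process_2018,
  author   = {Eresheim, Sebastian},
  title    = {Process {Behaviour} {Classification}},
  year     = {2018},
  address  = {Villach},
  abstract = {Anomaly detection has long been used for detecting attacks on networks and computers. Its basic principle is declaring something as the norm and reporting deviations from it. Detecting such abnormalities in process behaviour is a crucial step for determining whether a computer is compromised or not. However, before abnormal behaviour of a process can be detected, the process needs to be correctly classified, because what might be normal for process A is not necessarily normal for process B.
Consequently, the classification can already be a detection of behaviour deviations, for example when process A's behaviour is classified as a behaviour of process C. In this talk, a statistical approach is proposed in combination with Machine Learning to classify process behaviour and thus build a baseline of behaviour for each process.},
  keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Poster, SP IT Sec Applied Security \& Data Science, SP IT Sec System \& Application Security, Vortrag, Wiss. Beitrag},
}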