{"id":21241513,"url":"https://github.com/shayanb/stide-ads","last_synced_at":"2025-07-10T20:31:06.657Z","repository":{"id":142760591,"uuid":"13758871","full_name":"shayanb/Stide-ADS","owner":"shayanb","description":"System Call based Anomoly Detection System","archived":false,"fork":false,"pushed_at":"2013-11-03T19:10:48.000Z","size":2432,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-05T17:05:46.462Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shayanb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-10-22T00:14:49.000Z","updated_at":"2022-04-07T08:31:52.000Z","dependencies_parsed_at":"2023-03-14T23:15:38.361Z","dependency_job_id":null,"html_url":"https://github.com/shayanb/Stide-ADS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/shayanb/Stide-ADS","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shayanb%2FStide-ADS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shayanb%2FStide-ADS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shayanb%2FStide-ADS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shayanb%2FStide-ADS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shayanb","download_url":"https://codeload.github.com/shayanb/Stide-ADS/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/shayanb%2FStide-ADS/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264652660,"owners_count":23644302,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-21T00:55:57.552Z","updated_at":"2025-07-10T20:31:04.173Z","avatar_url":"https://github.com/shayanb.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Stide-ADS\n=========\n\nSystem Call based Anomaly Detection System\nPython - STIDE technique (sequence time-delay embedding)\n\n\nSTIDE technique Readings:\n------------------------\nForrest et al. employed a methodology motivated by immune systems. \nThis characterizes the problem as distinguishing ‘self’ from ‘non-self’ (normal and abnormal behaviors respectively). An event horizon is built from a sliding window applied to the sequence of system calls made by an application during normal use. The sequences formed by the sliding window are stored in a table that establishes the normal behavior model. During the deployment (detection) phase, if the pattern from the sliding window is not in the normal behavior database it is considered a mismatch.\nInput to the Stide detector takes the form of system call traces of an application for which the detector is trained. Specifically, Stide builds a “normal database” by segmenting the training data (of system call traces) into fixed-length sequences. To do so, a sliding window of size N is employed over the training dataset and the resulting system call patterns are stored in the “normal database”. 
During testing, the same sliding window size is employed on the data. Resulting patterns are compared against the “normal database” and if there is no match, a mismatch is recorded. Given a window size of N and system call trace length M, the anomaly rate for the trace is calculated by dividing the number of mismatches by the number of sliding window patterns (i.e. M – N + 1).\n[4]\n\n\n1- S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longstaff, “A sense of self for Unix processes,” in Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on, May. 1996, pp. 120–128.\n\n2- S. Forrest, S. A. Hofmeyr, and A. Somayaji, “Computer immunology,” Commun. ACM, vol. 40, no. 10, pp. 88–96, Oct. 1997.[Online]. Available: http://doi.acm.org/10.1145/262793.262811 \n\n3- S. A. Hofmeyr, S. Forrest, and A. Somayaji, “Intrusion detection using sequences of system calls.” Journal of Computer Security, vol. 6, no. 3, p. 151, 1998. [Online]. Available: http://search.ebscohost.com/login.aspx?\ndirect=true\u0026db=tsh\u0026AN=1531432\u0026site=ehost- live\n\n4- Kayacık, H. G., \u0026 Zincir-Heywood, A. N. (2008). Mimicry Attacks Demystified: What Can Attackers Do To Evade Detection? (A. N. 
Zincir-Heywood, Ed.), 1–11.\nDESCRIPTION OF FILES\n====================\n\n\n-+ Presentation and Paper\n\n------ Presentation.pdf\n\n------ FInal Report.pdf\n\n\n--\u003e Problem description and details regarding the dataset and methods.\n\n\n\n-+ Sample Data\n\n-----+ Anubis-good\n\n-----+ Malware\n\n\n\n--\u003eSample files from the dataset used in this project.\n\n\tfor further information you can check these links:\n\n\t\thttp://anubis.iseclab.org/\n\n\t\thttp://anubis.iseclab.org/?action=publications\n\t\n\t\n-+ Sample outputs\n\n--\u003e Sample output files from the python folder.\n\n\n-+ Python files\n\n------ compare_STIDE.py\n\n-\u003eSTIDE technique implementation with Python\n\n\n------ SysCallExtract.py\n\n-\u003e Extract system call number sequences from the Anubis Dataset\n\nyou can change the window size and the shift size by changing the W and K values\n\n\n\nLICENSE\n========\nThe MIT License (MIT)\n\nCopyright (c) 2013 Shayan Eskandari\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of\nthis software and associated documentation files (the \"Software\"), to deal in\nthe Software without restriction, including without limitation the rights to\nuse, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of\nthe Software, and to permit persons to whom the Software is furnished to do so,\nsubject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS\nFOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR\nCOPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER\nIN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN\nCONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshayanb%2Fstide-ads","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshayanb%2Fstide-ads","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshayanb%2Fstide-ads/lists"}