Malicious Login Detection

Detect malicious login attempts in the BETH dataset

Hosted by

novaceneai

Installation

To start working on a solution, first install the aqora CLI. You can then download and install the project from the terminal with:
aqora template novaceneai-beth
cd novaceneai-beth
aqora install

Data Format

You are tasked with identifying anomalies within the BETH dataset. In the project you will find the function to implement in src/submission/run.py:
async def solution(input: BethEntry) -> bool:
You receive an entry from the BETH dataset and must return True if the entry is an anomaly and False otherwise. A BethEntry is a dataclass that is defined as follows:
from dataclasses import dataclass
from typing import List

# One argument of the recorded event: its name, its C type, and its value as a string.
@dataclass
class BethArg:
    name: str
    type: str
    value: str

# One recorded event from the BETH dataset.
@dataclass
class BethEntry:
    timestamp: float
    process_id: int
    thread_id: int
    parent_process_id: int
    user_id: int
    mount_namespace: int
    process_name: str
    host_name: str
    event_id: int
    event_name: str
    stack_addresses: List[int]
    return_value: int
    args: List[BethArg]
For example, an entry might look like:
BethEntry(
    timestamp=488.150833,
    process_id=7555,
    thread_id=7555,
    parent_process_id=7548,
    user_id=1001,
    mount_namespace=4026531840,
    process_name="tsm",
    host_name="ip-10-100-1-217",
    event_id=42,
    event_name="connect",
    stack_addresses=[],
    return_value=-114,
    args=[
        BethArg(name="sockfd", type="int", value="632"),
        BethArg(
            name="addr",
            type="struct sockaddr*",
            value="{'sa_family': 'AF_INET','sin_port': '22','sin_addr': '192.168.20.156'}",
        ),
        BethArg(name="addrlen", type="int", value="16"),
    ],
)
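A minimal rule-based baseline for solution(), added here as an example and not part of the project template: it decodes the string-encoded addr argument shown in the entry above and flags failed connect calls to port 22 made by non-system users. The dataclasses are trimmed stand-alone copies of the page's definitions, and the helper names, the port and uid thresholds, and the rule itself are assumptions, not derived from the dataset's labels.

```python
import ast
from dataclasses import dataclass, field
from typing import List, Optional

# Stand-alone copies of the page's dataclasses, trimmed to the fields used here.
@dataclass
class BethArg:
    name: str
    type: str
    value: str

@dataclass
class BethEntry:
    user_id: int
    process_name: str
    event_name: str
    return_value: int
    args: List[BethArg] = field(default_factory=list)

SSH_PORT = "22"           # assumption: SSH connections are the behaviour of interest
FIRST_REGULAR_UID = 1000  # assumption: system accounts have uids below this value

def parse_sockaddr(entry: BethEntry) -> Optional[dict]:
    """Return the decoded `addr` argument as a dict, or None if absent or malformed."""
    for arg in entry.args:
        if arg.name == "addr":
            try:
                parsed = ast.literal_eval(arg.value)  # literals only, never eval()
            except (ValueError, SyntaxError):
                return None
            return parsed if isinstance(parsed, dict) else None
    return None

def is_suspicious(entry: BethEntry) -> bool:
    """Hypothetical rule: a regular user's connect() to port 22 that returned an error."""
    if entry.event_name != "connect" or entry.user_id < FIRST_REGULAR_UID:
        return False
    addr = parse_sockaddr(entry)
    if addr is None or addr.get("sa_family") != "AF_INET":
        return False
    return str(addr.get("sin_port")) == SSH_PORT and entry.return_value < 0

async def solution(input: BethEntry) -> bool:
    return is_suspicious(input)

# Constructed sample: the page's example entry, reduced to the trimmed fields.
SAMPLE = BethEntry(user_id=1001, process_name="tsm", event_name="connect", return_value=-114,
    args=[BethArg("addr", "struct sockaddr*",
        "{'sa_family': 'AF_INET','sin_port': '22','sin_addr': '192.168.20.156'}")])
```

A single rule like this is only a starting point to compare a trained model against on validation.csv.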

Training

To train your quantum solution, there are two labelled datasets in the project data folder: training.csv and validation.csv. As a convenience, we have provided an example training function in src/submission/train.py. After running aqora install, you can run the training function with:
.venv/bin/train

# or on Windows

.venv/Scripts/train
If you need to store model data with your submission, you can put the model data into the model folder and it will be included in your submission.