DAHID: Domain Adaptive Host-based Intrusion Detection

Ajayi, Oluwagbemiga; Gangopadhyay, Aryya

doi:10.1109/csr51186.2021.9527966

Cited by 6 publications

(6 citation statements)

References 20 publications

(27 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research studies have indicated that SVM and DT are among the most promising methods for anomaly detection. SVM and DT algorithms have been widely used in HIDSs due to their effectiveness in detecting and classifying intrusions [29][30][31]. In the context of HIDSs, SVM can learn the patterns and characteristics of known attacks and identify similar patterns in real-time system behavior, enabling the detection of unknown or novel attacks [29].…”

Section: Methods Description Limitationsmentioning

confidence: 99%

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Vyšniūnas,

Čeponis,

Goranin

et al. 2024

Electronics

View full text Add to dashboard Cite

Malware intrusion is a serious threat to cybersecurity; that is why new and innovative methods are constantly being developed to detect and prevent it. This research focuses on malware intrusion detection through the usage of system calls and machine learning. An effective and clearly described system-call grouping method could increase the various metrics of machine learning methods, thereby improving the malware detection rate in host-based intrusion-detection systems. In this article, a risk-based system-call sequence grouping method is proposed that assigns riskiness values from low to high based on function risk value. The application of the newly proposed grouping method improved classification accuracy by 23.4% and 7.6% with the SVM and DT methods, respectively, compared to previous results obtained on the same methods and data. The results suggest the use of lightweight machine learning methods for malware attack can ensure detection accuracy comparable to deep learning methods.

show abstract

Section: Methods Description Limitationsmentioning

confidence: 99%

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Vyšniūnas,

Čeponis,

Goranin

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

“…With the exception of [14], none of the related works discussed in this section provides a comparable cross-domain evaluation of the proposed NIDS across different benchmark datasets. While the methods proposed in [15] and [16] apply domain adaptation techniques on network intrusion detection datasets, they are fundamentally different to our approach, since they rely on the availability of target domain labels, which are difficult to obtain in real-world networks. In contrast, our method proposed in this paper does not require target domain labels, and is hence much more practical.…”

Section: Partially Different Domainsmentioning

confidence: 99%

“…While these previous studies do not require labelled data from the target domain, the next two studies need a small portion of the target domain to have labels. The first paper in this group [15] considers a host-based intrusion detection approach, rather than network intrusion detection, and aims to reduce the number of labelled samples from the target domain. The authors use two different host-based intrusion detection datasets as the source and target domains respectively.…”

Section: Separate Source and Target Domainsmentioning

confidence: 99%

DI-NIDS: Domain Invariant Network Intrusion Detection System

Layeghy¹,

Baktashmotlagh²,

Portmann³

2022

Preprint

View full text Add to dashboard Cite

The performance of machine learning based network intrusion detection systems (NIDSs) severely degrades when deployed on a network with significantly different feature distributions from the ones of the training dataset. In various applications, such as computer vision, domain adaptation techniques have been successful in mitigating the gap between the distributions of the training and test data. In the case of network intrusion detection however, the state-of-the-art domain adaptation approaches have had limited success. According to recent studies, as well as our own results, the performance of an NIDS considerably deteriorates when the 'unseen' test dataset does not follow the training dataset distribution. In order to enhance the generalisibility of machine learning based network intrusion detection systems, we propose to extract domain invariant features using adversarial domain adaptation from multiple network domains, and then apply an unsupervised technique for recognising abnormalities, i.e., intrusions. More specifically, we train a domain adversarial neural network on labelled source domains, extract the domain invariant features, and train a One-Class SVM (OSVM) model to detect anomalies. At test time, we feedforward the unlabeled test data to the feature extractor network to project it into a domain invariant space, and then apply OSVM on the extracted features to achieve our final goal of detecting intrusions. Our extensive experiments on the NIDS benchmark datasets of NFv2-CIC-2018 and NFv2-UNSW-NB15 show that our proposed setup demonstrates superior cross-domain performance in comparison to the previous approaches.

show abstract

“…For the experiments with the Data Augmentation (DA), we process the images as recommended in [4]. For the cybersecurity task, we applied N-Gram data preprocessing, which is commonly used in [29,30]…”

Section: Target Modelmentioning

confidence: 99%

Meta generative image and text data augmentation optimization

Zhang,

Dong,

Wahib

et al. 2024

J Supercomput

View full text Add to dashboard Cite

This paper proposes a method called Meta Generative Data Augmentation Optimization (MGDAO) to overcome limited types of operations for the policy-based automatic data augmentation method. While traditional data augmentation methods have relied on expert intuition to determine effective transformations, recent approaches have attempted to generate data augmentation strategies automatically. However, these automatic methods can still suffer from limited operation sets and difficulty training conditional generative models. To address these issues, MGDAO replaces the limited operations space in the AutoAugment series with a deep-style generator and replaces the discriminator in a generative adversarial model with the validation loss of the target model. These replacements released fixed image operations and made MGDAO useful for sequential data. The generator learns to transform the data from the training domain to the validation data domain. It is further used to generate augmented samples to train the target model and reduce the validation loss. Experiments on classification benchmarks of few-shot image and text-based datasets show that MGDAO achieves competitive results compared to data auto-augmentation methods.

show abstract

DAHID: Domain Adaptive Host-based Intrusion Detection

Cited by 6 publications

References 20 publications

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

DI-NIDS: Domain Invariant Network Intrusion Detection System

Meta generative image and text data augmentation optimization

Contact Info

Product

Resources

About