Enhanced Host-Based Intrusion Detection Using System Call Traces

Ikram, Yaqoob S. Ikram Yaqoob S.

doi:10.4197/comp.8-2.7

Cited by 2 publications

(1 citation statement)

References 36 publications

(45 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results showed an average accuracy rate of 70 %, with a FPR of 20 %. The authors [14] propose an algorithm to extract distinct short sequences from traces of system calls. Features after extracting are feed to the machine learning model such as SVM, kNN to detect anomalies.…”

Section: System Call-based Hidsmentioning

confidence: 99%

Combining dynamic and static host intrusion detection features using variational long short-term memory recurrent autoencoder

Nguyen,

Tran

2024

Vestnik SPbSU. Applied Mathematics. Computer Science. Control P

View full text Add to dashboard Cite

Despite the many advantages offered by Host Intrusion Detection Systems (HIDS), they are rarely adopted in mainstream cybersecurity strategies. Unlike Network Intrusion Detection Systems, a HIDS is the last layer of defence between potential attacks and the underlying OSs. One of the main reasons behind this is its poor capabilities to adequately protect against zero-day attacks. With the rising number of zero-day exploits and related attacks, this is an increasingly imperative requirement for a modern HIDS. In this paper variational long short-term memory — recurrent autoencoder approach which improves zero-day attack detection is proposed. We have practically implemented our model using TensorFlow and evaluated its performance using benchmark ADFA-LD and UNM datasets. We have also compared the results against those from notable publications in the area.

show abstract

Section: System Call-based Hidsmentioning

confidence: 99%

Combining dynamic and static host intrusion detection features using variational long short-term memory recurrent autoencoder

Nguyen,

Tran

2024

Vestnik SPbSU. Applied Mathematics. Computer Science. Control P

View full text Add to dashboard Cite

show abstract

Towards a better similarity algorithm for host-based intrusion detection system

Ouarda

Bourenane

Brahim

2023

Journal of Intelligent Systems

View full text Add to dashboard Cite

An intrusion detection system plays an essential role in system security by discovering and preventing malicious activities. Over the past few years, several research projects on host-based intrusion detection systems (HIDSs) have been carried out utilizing the Australian Defense Force Academy Linux Dataset (ADFA-LD). These HIDS have also been subjected to various algorithm analyses to enhance their detection capability for high accuracy and low false alarms. However, less attention is paid to the actual implementation of real-time HIDS. Our principal objective in this study is to create a performant real-time HIDS. We propose a new model, “Better Similarity Algorithm for Host-based Intrusion Detection System” (BSA-HIDS), using the same dataset ADFA-LD. The proposed model uses three classifications to represent the attack folder according to certain criteria, the entire system call sequence is used. Furthermore, this work uses textual distance and compares five algorithms like Levenshtein, Jaro–Winkler, Jaccard, Hamming, and Dice coefficient, to classify the system call trace as attack or non-attack based on the notions of interclass decoupling and intra-class coupling. The model can detect zero-day attacks because of the threshold definition. The experimental results show a good detection performance in real-time for Levenshtein/Jaro–Winkler algorithms, 99–94% in detection rate, 2–5% in false alarm rate, and 3,300–720 s in running time, respectively.

show abstract

Enhanced Host-Based Intrusion Detection Using System Call Traces

Cited by 2 publications

References 36 publications

Combining dynamic and static host intrusion detection features using variational long short-term memory recurrent autoencoder

Combining dynamic and static host intrusion detection features using variational long short-term memory recurrent autoencoder

Towards a better similarity algorithm for host-based intrusion detection system

Contact Info

Product

Resources

About