Evaluation of applicability of modified vector space representation for in-VM malicious activity detection in Cloud

Borisaniya, Bhavesh; Patel, Kevin; Patel, Dhiren

doi:10.1109/indicon.2014.7030588

Cited by 5 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Modified Vector Space Representation (MVSR) [143] serves as an extension to prior representations and takes into consideration the unique terms, only from the data used to train, via incorporation of the mechanisms needed to handle all unforeseen terms in the course of testing.…”

Section: Proposed Methodsmentioning

confidence: 99%

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

et al. 2021

View full text Add to dashboard Cite

In this article, a Host-Based Intrusion Detection System (HIDS) using a Modified Vector Space Representation (MVSR) N-gram and Multilayer Perceptron (MLP) model for securing the Internet of Things (IoT), based on lightweight techniques and using Fog Computing devices, is proposed. The Australian Defence Force Academy Linux Dataset (ADFA-LD), which contains exploits and attacks on various applications, is employed for the analysis. The proposed method is divided into the feature extraction stage, the feature selection stage, and classification modeling. To maintain the lightweight criteria, the feature extraction stage considers a combination of 1-gram and 2-gram for the system call encoding. In addition, a Sparse Matrix is used to reduce the space by keeping only the weight of the features that appear in the trace, thus ignoring the zero weights. Subsequently, Linear Correlation Coefficient (LCC) is utilized to compensate for any missing N-gram in the test data. In the feature selection stage, the Mutual Information (MI) method and Principle Component Analysis (PCA) are utilized and then compared to reduce the number of input features. Following the feature selection stage, the modeling and performance evaluation of various Machine Learning classifiers are conducted using a Raspberry Pi IoT device. Further analysis of the effect of MLP parameters, such as the number of nodes, number of features, activation, solver, and regularization parameters, is also conducted. From the simulation, it can be seen that different parameters affect the accuracy and lightweight evaluation. By using a single hidden layer and four nodes, the proposed method with MI can achieve 96% accuracy, 97% recall, 96% F1-Measure, 5% False Positive Rate (FPR), highest curve of Receiver Operating Characteristic (ROC), and 96% Area Under the Curve (AUC). It also achieved low CPU time usage of 4.404 (ms) milliseconds and low energy consumption of 8.809 (mj) millijoules.

show abstract

Section: Proposed Methodsmentioning

confidence: 99%

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Modified Vector Space Representation [16] extends the previous representation (which considers unique terms from training data only) by incorporating mechanism to handle any unforeseen terms during testing. We deliberately add a system call number (we refer it as unknown (unk)) in list, whose value is higher than any system call number present in system call list for OS.…”

Section: Modified Vector Space Representationmentioning

confidence: 99%

Evaluation of Modified Vector Space Representation Using ADFA-LD and ADFA-WD Datasets

Borisaniya¹,

Patel²

2015

JIS

Self Cite

View full text Add to dashboard Cite

Predicting anomalous behaviour of a running process using system call trace is a common practice among security community and it is still an active research area. It is a typical pattern recognition problem and can be dealt with machine learning algorithms. Standard system call datasets were employed to train these algorithms. However, advancements in operating systems made these datasets outdated and un-relevant. Australian Defence Force Academy Linux Dataset (ADFA-LD) and Australian Defence Force Academy Windows Dataset (ADFA-WD) are new generation system calls datasets that contain labelled system call traces for modern exploits and attacks on various applications. In this paper, we evaluate performance of Modified Vector Space Representation technique on ADFA-LD and ADFA-WD datasets using various classification algorithms. Our experimental results show that our method performs well and it helps accurately distinguishing process behaviour through system calls.

show abstract

Towards virtual machine introspection based security framework for cloud

Borisaniya

Patel

2019

Sādhanā

View full text Add to dashboard Cite

Evaluation of applicability of modified vector space representation for in-VM malicious activity detection in Cloud

Cited by 5 publications

References 12 publications

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

Evaluation of Modified Vector Space Representation Using ADFA-LD and ADFA-WD Datasets

Towards virtual machine introspection based security framework for cloud

Contact Info

Product

Resources

About