Host based intrusion detection system using frequency analysis of n-gram terms

“…Subba et al [37] proposed a novel HIDS framework to reduce computation and be resource intensive. The proposed framework firstly turns the system call traces into n-gram vectors and then reduces the size of the input feature vectors by applying a dimensionality reduction.…”

Section: ) Related Workmentioning

confidence: 99%

A Comprehensive Systematic Literature Review on Intrusion Detection Systems

Ozkan-Okay¹,

Samet

Aslan

et al. 2021

IEEE Access

View full text Add to dashboard Cite

“…For example, N size can be 1, denoting unigram; 2, denoting a bigram; 3, denoting a tri-gram [17,129]. In terms of exploiting N-gram location for intrusion detection, there exist many IDSs that use the N-gram technique to analyze network packets payload; two examples are specified in [130][131][132]. The N-grams are used to model the language that characterizes a network traffic profile, since each different N-gram is interpreted as a different feature space used to represent the traffic.…”

Section: Feature Extractionmentioning

confidence: 99%

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

et al. 2021

View full text Add to dashboard Cite

In this article, a Host-Based Intrusion Detection System (HIDS) using a Modified Vector Space Representation (MVSR) N-gram and Multilayer Perceptron (MLP) model for securing the Internet of Things (IoT), based on lightweight techniques and using Fog Computing devices, is proposed. The Australian Defence Force Academy Linux Dataset (ADFA-LD), which contains exploits and attacks on various applications, is employed for the analysis. The proposed method is divided into the feature extraction stage, the feature selection stage, and classification modeling. To maintain the lightweight criteria, the feature extraction stage considers a combination of 1-gram and 2-gram for the system call encoding. In addition, a Sparse Matrix is used to reduce the space by keeping only the weight of the features that appear in the trace, thus ignoring the zero weights. Subsequently, Linear Correlation Coefficient (LCC) is utilized to compensate for any missing N-gram in the test data. In the feature selection stage, the Mutual Information (MI) method and Principle Component Analysis (PCA) are utilized and then compared to reduce the number of input features. Following the feature selection stage, the modeling and performance evaluation of various Machine Learning classifiers are conducted using a Raspberry Pi IoT device. Further analysis of the effect of MLP parameters, such as the number of nodes, number of features, activation, solver, and regularization parameters, is also conducted. From the simulation, it can be seen that different parameters affect the accuracy and lightweight evaluation. By using a single hidden layer and four nodes, the proposed method with MI can achieve 96% accuracy, 97% recall, 96% F1-Measure, 5% False Positive Rate (FPR), highest curve of Receiver Operating Characteristic (ROC), and 96% Area Under the Curve (AUC). It also achieved low CPU time usage of 4.404 (ms) milliseconds and low energy consumption of 8.809 (mj) millijoules.

show abstract

Host based intrusion detection system using frequency analysis of n-gram terms

Cited by 22 publications

References 11 publications

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

A Comprehensive Systematic Literature Review on Intrusion Detection Systems

Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security

Contact Info

Product

Resources

About