Host intrusion detection for long stealthy system call sequences

Elgraini, Mohammed Taha; Assem, Nasser; Rachidi, Tajjeeddine

doi:10.1109/cist.2012.6388070

Cited by 7 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their work was evaluated on KDD98, UNM and self-generated ADFA LD data set during the research. Elgraini et al (2012) proposed an unsupervised Naive Bayes based classifier model on long stealthy system call sequences approach. Lengyel et al (2014) proposed the Drakvuf tool for dynamic malware analysis system through the introspection facility of Xen hypervisor.…”

Section: Existing Workmentioning

confidence: 99%

An AI powered system call analysis with bag of word approaches for the detection of intrusions and malware in Australian Defence Force Academy and virtual machine monitor malware attack data set

et al. 2022

View full text Add to dashboard Cite

This study propose the use of AI enabled machine learning algorithms with the Bag‐of‐Word (BoW) methods for the detection of intrusions by analysing the system call patterns. Host based Intrusion Detection System can make use of system call patterns to differentiate between normal and anomalous program behaviours. First, the system call patterns are pre‐processed with different approaches like BoW, BoW with Boolean value, BoW with Probability value and BoW with TF‐IDF. Next machine learning algorithms are used to evaluate the performance of classifier models. We used J48 (C4.5), Random Forrest, RIPPER, KNN, SVM, and NaiveBayes ML algorithms. This process was carried out on ADFA‐LD and on our proposed virtual machine monitor (VMM) malware attack data set for analysis. The proposed work is evaluated based on detection accuracy and false alarm rate metrics. Random Forrest algorithm performs better compared with other ML algorithms in terms of intrusion detection accuracy and false alarm rate on ADFA and VMM malware data set. The proposed data set provide better results compared with ADFA‐LD analysed using ML algorithms. The classifier model trained with ADFA and VMM malware system call data sets may do predictive analytics in detecting security issues for Industry 4.0 systems.

show abstract

Section: Existing Workmentioning

confidence: 99%

An AI powered system call analysis with bag of word approaches for the detection of intrusions and malware in Australian Defence Force Academy and virtual machine monitor malware attack data set

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Elgraini et al [39] estimate the probability of a sequence of calls conditioned on the class (normal/attack) using a first order Markov model-P (s 1 , s 2 , ...|C) = P (s 1 |C)P (s 2 |s 1 , C).... Finally, a NB approach is used to find the most likely class.…”

Section: Sequential Features (N-grams)mentioning

confidence: 99%

“…The original dataset size is 9.3GB, and the 6% dataset size is 4.2GB. [134] University of New Mexico dataset (UNM) In 2004, the UNM dataset was released consisting of four datasets of systems calls executed by active processes; "Synthetic Sendmail UNM, Synthetic Sendmail CERT, live lpr UNM, and live lpr MIT" [39]. Several programs are included "(e.g., programs that run as daemons and those that do not), programs that vary widely in their size and complexity, and different kinds of intrusions (buffer overflows, symbolic link attacks, and Trojan programs).…”

Section: Supplementary Section: Datasetsmentioning

confidence: 99%

A Survey of Intrusion Detection Systems Leveraging Host Data

Glass-Vanderlan¹,

Iannacone²,

Vincent³

et al. 2018

Preprint

View full text Add to dashboard Cite

This survey focuses on intrusion detection systems (IDS) that leverage host-based data sources for detecting attacks on enterprise network. The host-based IDS (HIDS) literature is organized by the input data source, presenting targeted sub-surveys of HIDS research leveraging system logs, audit data, Windows Registry, file systems, and program analysis. While system calls are generally included in audit data, several publicly available system call datasets have spawned a flurry of IDS research on this topic, which merits a separate section. Similarly, a section surveying algorithmic developments that are applicable to HIDS but tested on network data sets is included, as this is a large and growing area of applicable literature. To accommodate current researchers, a supplementary section giving descriptions of publicly available datasets is included, outlining their characteristics and shortcomings when used for IDS evaluation. Related surveys are organized and described. All sections are accompanied by tables concisely organizing the literature and datasets discussed. Finally, challenges, trends, and broader observations are throughout the survey and in the conclusion along with future directions of IDS research.This manuscript has been authored by UT-Battelle, LLC, under contract DE-AC05-00OR22725 with the US Department of Energy (DOE). The US government retains and the publisher, by accepting the article for publication, acknowledges that the US government retains a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this manuscript, or allow others to do so, for US government purposes. DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan).

show abstract

Using a Neural Network to Detect Anomalies Given an N-gram Profile

Kim

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Host intrusion detection for long stealthy system call sequences

Cited by 7 publications

References 13 publications

An AI powered system call analysis with bag of word approaches for the detection of intrusions and malware in Australian Defence Force Academy and virtual machine monitor malware attack data set

An AI powered system call analysis with bag of word approaches for the detection of intrusions and malware in Australian Defence Force Academy and virtual machine monitor malware attack data set

A Survey of Intrusion Detection Systems Leveraging Host Data

Using a Neural Network to Detect Anomalies Given an N-gram Profile

Contact Info

Product

Resources

About