Methods for Host-based Intrusion Detection with Deep Learning-Reference-Cited by-同舟云学术

Methods for Host-based Intrusion Detection with Deep Learning

Published:2021-12-31 Issue:4 Volume:2 Page:1-29
ISSN:2692-1626
Container-title:Digital Threats: Research and Practice
language:en
Short-container-title:Digital Threats: Research and Practice

Author:

Ring John H.¹,Van Oort Colin M.²,Durst Samson²,White Vanessa²,Near Joseph P.²,Skalka Christian²

Affiliation:

1. University of Vermont, Department of Computer Science, Burlington, USA and MassMutual, Data Science

2. University of Vermont, Department of Computer Science, Burlington, USA

Abstract

Host-based Intrusion Detection Systems (HIDS) automatically detect events that indicate compromise by adversarial applications. HIDS are generally formulated as analyses of sequences of system events such as bash commands or system calls. Anomaly-based approaches to HIDS leverage models of normal (a.k.a. baseline) system behavior to detect and report abnormal events and have the advantage of being able to detect novel attacks. In this article, we develop a new method for anomaly-based HIDS using deep learning predictions of sequence-to-sequence behavior in system calls. Our proposed method, called the

ALAD

algorithm, aggregates predictions at the application level to detect anomalies. We investigate the use of several deep learning architectures, including WaveNet and several recurrent networks. We show that

ALAD

empowered with deep learning significantly outperforms previous approaches. We train and evaluate our models using an existing dataset, ADFA-LD, and a new dataset of our own construction, PLAID. As deep learning models are black box in nature, we use an alternate approach, allotaxonographs, to characterize and understand differences in baseline vs. attack sequences in HIDS datasets such as PLAID.

Publisher

Association for Computing Machinery (ACM)

Subject

General Medicine

Link

https://dl.acm.org/doi/pdf/10.1145/3461462

Reference73 articles.

1. Martín Abadi Ashish Agarwal Paul Barham Eugene Brevdo Zhifeng Chen Craig Citro Greg S. Corrado Andy Davis Jeffrey Dean Matthieu Devin Sanjay Ghemawat Ian Goodfellow Andrew Harp Geoffrey Irving Michael Isard Yangqing Jia Rafal Jozefowicz Lukasz Kaiser Manjunath Kudlur Josh Levenberg Dandelion Mané Rajat Monga Sherry Moore Derek Murray Chris Olah Mike Schuster Jonathon Shlens Benoit Steiner Ilya Sutskever 2015. TensorFlow: Large-scale Machine Learning on Heterogeneous Systems. Retrieved from https://www.tensorflow.org/.

2. Ensemble classifier for misuse detection using N-gram feature vectors through operating system call traces;Aghaei Ehsan;Int. J. Hybrid Intell. Syst.,2017

3. James P. Anderson. 1980. Computer Security Threat Monitoring and Surveillance. Technical Report. James P. Anderson Company .

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Real-Time Intrusion Detection and Prevention with Neural Network in Kernel Using eBPF;2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN);2024-06-24

2. Using Machine Learning Techniques to Simulate Network Intrusion Detection;2024 International Conference on Intelligent Systems for Cybersecurity (ISCS);2024-05-03

3. A Systematic Literature Review on Host-Based Intrusion Detection Systems;IEEE Access;2024

4. Adversarial Attacks on Deep Learning-Based Network Intrusion Detection Systems: A Taxonomy and Review;2024

5. Multi-objective optimization algorithms for intrusion detection in IoT networks: A systematic review;Internet of Things and Cyber-Physical Systems;2024