Developing Cross-Domain Host-Based Intrusion Detection-Reference-Cited by-同舟云学术

Developing Cross-Domain Host-Based Intrusion Detection

Published:2022-11-07 Issue:21 Volume:11 Page:3631
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Ajayi Oluwagbemiga^ORCID,Gangopadhyay Aryya,Erbacher Robert F.,Bursat Carl

Abstract

Digital transformation has continued to have a remarkable impact on industries, creating new possibilities and improving the performance of existing ones. Recently, we have seen more deployments of cyber-physical systems and the Internet of Things (IoT) as in no other time. However, cybersecurity is often an afterthought in the design and implementation of many systems; therefore, there usually is an introduction of new attack surfaces as new systems and applications are being deployed. Machine learning has been helpful in creating intrusion detection models, but it is impractical to create attack detection models with acceptable performance for every single computing infrastructure and the various attack scenarios due to the cost of collecting quality labeled data and training models. Hence, there is a need to develop models that can take advantage of knowledge available in a high resource source domain to improve performance of a low resource target domain model. In this work, we propose a novel cross-domain deep learning-based approach for attack detection in Host-based Intrusion Detection Systems (HIDS). Specifically, we developed a method for candidate source domain selection from among a group of potential source domains by computing the similarity score a target domain records when paired with a potential source domain. Then, using different word embedding space combination techniques and transfer learning approach, we leverage the knowledge from a well performing source domain model to improve the performance of a similar model in the target domain. To evaluate our proposed approach, we used Leipzig Intrusion Detection Dataset (LID-DS), a HIDS dataset recorded on a modern operating system that consists of different attack scenarios. Our proposed cross-domain approach recorded significant improvement in the target domains when compared with the results from in-domain approach experiments. Based on the result, the F2-score of the target domain CWE-307 improved from 80% in the in-domain approach to 87% in the cross-domain approach while the target domain CVE-2014-0160 improved from 13% to 85%.

Funder

United States Army Research Laboratory

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/11/21/3631/pdf

Reference58 articles.

1. Snabe Hagemann, J., and Weinelt, B. Digital Transformation of Industries: Demystifying Digital and Securing $100 Trillion for Society and Industry by 2025. 2022.

2. Zhu, J., McClave, E., Pham, Q., Polineni, S., Reinhart, S., Sheatsley, R., and Toth, A. Technical Report. A Vision Toward an Internet of Battlefield Things (IoBT): Autonomous Classifying Sensor Network, 2018.

3. Narayanan, P., Vindiola, M., Park, S., Logie, A., Waytowich, N., Mittrick, M., Richardson, J., Asher, D., and Kott, A. Technical Report. First-Year Report of ARL Directors Strategic Initiative (FY20-23): Artificial Intelligence (AI) for Command and Control (C2) of Multi-Domain Operations (MDO), 2021.

4. Parkavi, R., Nithya, R., and Priyadharshini, G. Digital Terrorism Attack: Types, Effects, and Prevention. Critical Concepts, Standards, and Techniques in Cyber Forensics, 2020.

5. Morgan, S. Available online: https://cybernetsecurity.com/industry-papers/CV-HG-2019-Official-Annual-Cybercrime-Report.pdf. 2019 Official Annual Cybercrime Report, 2022.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection;Electronics;2024-01-02

2. ATTACK TYPES IN NETWORK ENVIRONMENT: ATTACK SCENARIO EXAMPLES;İstanbul Ticaret Üniversitesi Teknoloji ve Uygulamalı Bilimler Dergisi;2023-08-21

3. A Comprehensive Study of Intrusion Detection within Internet of Things-based Smart Cities: Synthesis, Analysis and a Novel Approach;2023 International Wireless Communications and Mobile Computing (IWCMC);2023-06-19