Affiliation:
1. Department of Information Systems, Faculty of Fundamental Sciences, Vilnius Gediminas Technical University, LT-08412 Vilnius, Lithuania
Abstract
Malware intrusion is a serious threat to cybersecurity, which is why new and innovative methods are constantly being developed to detect and prevent it. This research focuses on malware intrusion detection using system calls and machine learning. An effective and clearly described system-call grouping method could improve the various metrics of machine learning methods, thereby raising the malware detection rate in host-based intrusion-detection systems. In this article, a risk-based system-call sequence grouping method is proposed that assigns riskiness values from low to high based on each function's risk value. Applying the newly proposed grouping method improved classification accuracy by 23.4% and 7.6% with the SVM and DT methods, respectively, compared to previous results obtained with the same methods and data. The results suggest that lightweight machine learning methods for malware attack detection can achieve detection accuracy comparable to deep learning methods.
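To make the idea of risk-based system-call grouping concrete, the following is an added example (not code or data from the article): syscall names are mapped to a small number of risk tiers and a trace is turned into a fixed-width feature vector of risk-tier bigram frequencies, which is the kind of compact input a lightweight classifier such as an SVM or decision tree would consume. The tier assignments, the default tier for unknown calls, and the two sample traces are constructed for illustration and are not the paper's risk table.

```python
from collections import Counter
from itertools import product

# Hypothetical risk tiers (assumption, not the article's table): 0 = low, 1 = medium, 2 = high.
RISK_TIER = {
    "read": 0, "write": 0, "close": 0, "fstat": 0, "mmap": 0, "brk": 0,
    "openat": 1, "socket": 1, "connect": 1, "fork": 1, "clone": 1,
    "execve": 2, "ptrace": 2, "setuid": 2, "chmod": 2, "mprotect": 2,
}
DEFAULT_TIER = 1   # unknown syscalls are treated as medium risk (assumption)
TIERS = 3          # number of risk tiers in the grouping above


def to_risk_sequence(syscalls):
    """Replace each syscall name by its risk tier, collapsing hundreds of names into a few symbols."""
    return [RISK_TIER.get(name, DEFAULT_TIER) for name in syscalls]


def ngram_counts(risk_seq, n=2):
    """Count consecutive risk-tier n-grams; keys look like '0-2' (low followed by high)."""
    counts = Counter()
    for i in range(len(risk_seq) - n + 1):
        counts["-".join(str(t) for t in risk_seq[i:i + n])] += 1
    return counts


def feature_vector(syscalls, n=2):
    """Fixed-width relative-frequency vector over every possible tier n-gram.

    Using a fixed key order makes vectors from different traces directly comparable,
    which is what a classifier needs as its training rows.
    """
    keys = ["-".join(map(str, combo)) for combo in product(range(TIERS), repeat=n)]
    counts = ngram_counts(to_risk_sequence(syscalls), n)
    total = max(1, sum(counts.values()))
    return [counts[k] / total for k in keys]


def high_risk_ratio(syscalls):
    """Share of calls in the highest tier: a one-number summary of how risky a trace looks."""
    seq = to_risk_sequence(syscalls)
    return sum(1 for t in seq if t == TIERS - 1) / max(1, len(seq))


# Constructed sample traces (not captured from real software).
BENIGN_TRACE = ["openat", "fstat", "read", "read", "close"]
SUSPICIOUS_TRACE = ["mmap", "mprotect", "execve", "ptrace"]

if __name__ == "__main__":
    for label, trace in (("benign", BENIGN_TRACE), ("suspicious", SUSPICIOUS_TRACE)):
        print(label, to_risk_sequence(trace), feature_vector(trace), high_risk_ratio(trace))
```

Grouping before feature extraction is what keeps the representation small: with three tiers a bigram model has 9 features regardless of how many distinct syscalls the host exposes, whereas raw syscall bigrams grow quadratically with the vocabulary.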