Abstract
Along with the drastic growth of telecommunication and networking, the cyber-threats are getting more and more sophisticated and certainly leading to severe consequences. With the fact that various segments of industrial systems are deployed with Information and Computer Technology, the damage of cyber-attacks is now expanding to physical infrastructure. In order to mitigate the damage as well as reduce the False Alarm Rate, an advanced yet well-design Intrusion Detection System (IDS) must be deployed. This paper focuses on system call traces as an object for designing a Host-based anomaly IDS. Sharing several similarities with research objects in Natural Language Processing and Image Recognition, a Host-based IDS design procedure based on Convolutional Neural Network (CNN) for system call traces is implemented. The decent preliminary results harvested from modern benchmarking datasets NGIDS-DS and ADFA-LD demonstrated this approachs feasibility.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
A Guide to TF Layers: Building a Convolutional Neural Network. https://www.tensorflow.org/tutorials/layers. Accessed 08 Mar 2017
A path to unsupervised learning through adversarial networks. https://code.facebook.com/posts/1587249151575490/a-path-to-unsupervised-learning-through-adversarial-networks/. Accessed 03 Mar 2017
Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19–31 (2016)
Ashfaq, R.A.R., et al.: Fuzziness based semi-supervised learning approach for intrusion detection system. Inf. Sci. 378, 484–497 (2017)
Canzanese, R., Mancoridis, S., Kam, M.: System call-based detection of malicious processes. In: 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS), pp. 119–124. IEEE (2015)
Ciregan, D., Meier, U., Schmidhuber, J.: Multi-column deep neural networks for image classification. In: 2012 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 3642–3649. IEEE (2012)
Ciresan, D.C., et al.: Convolutional neural network committees for handwritten character classification. In: 2011 International Conference on Document Analysis and Recognition (ICDAR), pp. 1135–1139. IEEE (2011)
Collobert, R., Weston, J.: A unified architecture for natural language processing: deep neural networks with multitask learning. In: Proceedings of the 25th International Conference on Machine Learning, pp. 160–167. ACM (2008)
Convolutional Neural Networks Matlab Documentation. https://au.mathworks.com/help/nnet/convolutional-neural-networks.html. Accessed 08 Mar 2017
DARPA Intrusion Detection Data Sets. https://www.ll.mit.edu/ideval/data/. Accessed 28 Feb 2017
Egmont-Petersen, M., de Ridder, D., Handels, H.: Image processing with neural networks—a review. Pattern Recogn. 35(10), 2279–2301 (2002)
Fan, S., et al.: A dynamic on-line sliding window support vector machine for tunnel settlement prediction. In: 2013 3rd International Conference on Computer Science and Network Technology (ICCSNT), pp. 547–551. IEEE (2013)
Forrest, S., Hofmeyr, S., Somayaji, A.: The evolution of system-call monitoring. In: Annual Computer Security Applications Conference, ACSAC 2008, pp. 418–430. IEEE (2008)
Forrest, S., et al.: A sense of self for unix processes. In: Proceedings of 1996 IEEE Symposium on Security and Privacy, pp. 120–128. IEEE (1996)
Graves, A., Mohamed, A., Hinton, G.: Speech recognition with deep recurrent neural networks. In: 2013 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 6645–6649. IEEE (2013)
Hoang, X.D., Hu, J., Bertok, P.: A multi-layer model for anomaly intrusion detection using program sequences of system calls. In: Proceedings of 11th IEEE International Conference. Citeseer (2003)
Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151–180 (1998)
Horng, S.-J., et al.: A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Syst. Appl. 38(1), 306–313 (2011)
Introducing DeepText: Facebook’s text understanding engine. https://code.facebook.com/posts/181565595577955/introducing-deeptext-facebook-s-text-understanding-engine/. Accessed 03 Mar 2017
Intrusion Detection System. https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system. Accessed 30 Nov 2016
Jaradat, M., et al.: The internet of energy: smart sensor networks and big data management for smart grid. Procedia Comput. Sci. 56, 592–597 (2015)
Kaneda, Y., Mineno, H.: Sliding window-based support vector regression for predicting micrometeorological data. Expert Syst. Appl. 59, 217–225 (2016)
Karpathy, A., et al.: Large-scale video classification with convolutional neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1725–1732 (2014)
KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 28 Feb 2017
Khan, L., Awad, M., Thuraisingham, B.: A new intrusion detection system using support vector machines and hierarchical clustering. VLDB J. Int. J. Very Large Data Bases 16(4), 507–521 (2007)
Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems, pp. 1097–1105 (2012)
Liao, Y., Vemuri, V.R.: Use of k-nearest neighbor classifier for intrusion detection. Comput. Secur. 21(5), 439–448 (2002)
Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE (2015)
Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN 2002, vol. 2, pp. 1702–1707. IEEE (2002)
Mukkamala, S., Sung, A.H.: Detecting denial of service attacks using support vector machines. In: The 12th IEEE International Conference on Fuzzy Systems, FUZZ 2003, vol. 2, pp. 1231–1236. IEEE (2003)
Next Generation Intrusion Detection Systems Data Set (NGIDS-DS): Overview. https://research.unsw.edu.au/sites/all/files/facultyadmin/ngids-ds_overview_final.pdf. Accessed 28 Feb 2017
NSL-KDD Data Set. http://www.unb.ca/cic/research/datasets/nsl.html. Accessed 28 Feb 2017
Rectifier (neural networks). https://en.wikipedia.org/wiki/Rectifier_(neural_networks). Accessed Mar 2017
Suzuki, Y., et al.: Proposal to sliding window-based support vector regression. Procedia Comput. Sci. 35, 1615–1624 (2014)
System Call Definition. http://www.linfo.org/system_call.html. Accessed 01 Feb 2017
The ADFA Linux Dataset (ADFA-LD). https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/. Accessed 28 Feb 2017
Xie, M., Hu, J., Yu, X., Chang, E.: Evaluating host-based anomaly detection systems: application of the frequency-based algorithms to ADFA-LD. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 542–549. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11698-3_44
Zhang, Y., Wallace, B.: A sensitivity analysis of (and practitioners’ guide to) convolutional neural networks for sentence classification. In: arXiv preprint arXiv:1510.03820 (2015)
Zuech, R., Khoshgoftaar, T.M., Wald, R.: Intrusion detection and big heterogeneous data: a survey. J. Big Data 2(1), 3 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Tran, N.N., Sarker, R., Hu, J. (2018). An Approach for Host-Based Intrusion Detection System Design Using Convolutional Neural Network. In: Hu, J., Khalil, I., Tari, Z., Wen, S. (eds) Mobile Networks and Management. MONAMI 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 235. Springer, Cham. https://doi.org/10.1007/978-3-319-90775-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-90775-8_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-90774-1
Online ISBN: 978-3-319-90775-8
eBook Packages: Computer ScienceComputer Science (R0)