Skip to main content
SpringerLink
Log in

An Approach for Host-Based Intrusion Detection System Design Using Convolutional Neural Network

  • Conference paper
  • First Online:
Mobile Networks and Management (MONAMI 2017)

Included in the following conference series:

Abstract

Along with the drastic growth of telecommunication and networking, the cyber-threats are getting more and more sophisticated and certainly leading to severe consequences. With the fact that various segments of industrial systems are deployed with Information and Computer Technology, the damage of cyber-attacks is now expanding to physical infrastructure. In order to mitigate the damage as well as reduce the False Alarm Rate, an advanced yet well-design Intrusion Detection System (IDS) must be deployed. This paper focuses on system call traces as an object for designing a Host-based anomaly IDS. Sharing several similarities with research objects in Natural Language Processing and Image Recognition, a Host-based IDS design procedure based on Convolutional Neural Network (CNN) for system call traces is implemented. The decent preliminary results harvested from modern benchmarking datasets NGIDS-DS and ADFA-LD demonstrated this approachs feasibility.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. A Guide to TF Layers: Building a Convolutional Neural Network. https://www.tensorflow.org/tutorials/layers. Accessed 08 Mar 2017

  2. A path to unsupervised learning through adversarial networks. https://code.facebook.com/posts/1587249151575490/a-path-to-unsupervised-learning-through-adversarial-networks/. Accessed 03 Mar 2017

  3. Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19–31 (2016)

    Article  Google Scholar 

  4. Ashfaq, R.A.R., et al.: Fuzziness based semi-supervised learning approach for intrusion detection system. Inf. Sci. 378, 484–497 (2017)

    Article  Google Scholar 

  5. Canzanese, R., Mancoridis, S., Kam, M.: System call-based detection of malicious processes. In: 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS), pp. 119–124. IEEE (2015)

    Google Scholar 

  6. Ciregan, D., Meier, U., Schmidhuber, J.: Multi-column deep neural networks for image classification. In: 2012 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 3642–3649. IEEE (2012)

    Google Scholar 

  7. Ciresan, D.C., et al.: Convolutional neural network committees for handwritten character classification. In: 2011 International Conference on Document Analysis and Recognition (ICDAR), pp. 1135–1139. IEEE (2011)

    Google Scholar 

  8. Collobert, R., Weston, J.: A unified architecture for natural language processing: deep neural networks with multitask learning. In: Proceedings of the 25th International Conference on Machine Learning, pp. 160–167. ACM (2008)

    Google Scholar 

  9. Convolutional Neural Networks Matlab Documentation. https://au.mathworks.com/help/nnet/convolutional-neural-networks.html. Accessed 08 Mar 2017

  10. DARPA Intrusion Detection Data Sets. https://www.ll.mit.edu/ideval/data/. Accessed 28 Feb 2017

  11. Egmont-Petersen, M., de Ridder, D., Handels, H.: Image processing with neural networks—a review. Pattern Recogn. 35(10), 2279–2301 (2002)

    Article  Google Scholar 

  12. Fan, S., et al.: A dynamic on-line sliding window support vector machine for tunnel settlement prediction. In: 2013 3rd International Conference on Computer Science and Network Technology (ICCSNT), pp. 547–551. IEEE (2013)

    Google Scholar 

  13. Forrest, S., Hofmeyr, S., Somayaji, A.: The evolution of system-call monitoring. In: Annual Computer Security Applications Conference, ACSAC 2008, pp. 418–430. IEEE (2008)

    Google Scholar 

  14. Forrest, S., et al.: A sense of self for unix processes. In: Proceedings of 1996 IEEE Symposium on Security and Privacy, pp. 120–128. IEEE (1996)

    Google Scholar 

  15. Graves, A., Mohamed, A., Hinton, G.: Speech recognition with deep recurrent neural networks. In: 2013 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 6645–6649. IEEE (2013)

    Google Scholar 

  16. Hoang, X.D., Hu, J., Bertok, P.: A multi-layer model for anomaly intrusion detection using program sequences of system calls. In: Proceedings of 11th IEEE International Conference. Citeseer (2003)

    Google Scholar 

  17. Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6(3), 151–180 (1998)

    Article  Google Scholar 

  18. Horng, S.-J., et al.: A novel intrusion detection system based on hierarchical clustering and support vector machines. Expert Syst. Appl. 38(1), 306–313 (2011)

    Article  Google Scholar 

  19. Introducing DeepText: Facebook’s text understanding engine. https://code.facebook.com/posts/181565595577955/introducing-deeptext-facebook-s-text-understanding-engine/. Accessed 03 Mar 2017

  20. Intrusion Detection System. https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system. Accessed 30 Nov 2016

  21. Jaradat, M., et al.: The internet of energy: smart sensor networks and big data management for smart grid. Procedia Comput. Sci. 56, 592–597 (2015)

    Article  Google Scholar 

  22. Kaneda, Y., Mineno, H.: Sliding window-based support vector regression for predicting micrometeorological data. Expert Syst. Appl. 59, 217–225 (2016)

    Article  Google Scholar 

  23. Karpathy, A., et al.: Large-scale video classification with convolutional neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1725–1732 (2014)

    Google Scholar 

  24. KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed 28 Feb 2017

  25. Khan, L., Awad, M., Thuraisingham, B.: A new intrusion detection system using support vector machines and hierarchical clustering. VLDB J. Int. J. Very Large Data Bases 16(4), 507–521 (2007)

    Article  Google Scholar 

  26. Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems, pp. 1097–1105 (2012)

    Google Scholar 

  27. Liao, Y., Vemuri, V.R.: Use of k-nearest neighbor classifier for intrusion detection. Comput. Secur. 21(5), 439–448 (2002)

    Article  Google Scholar 

  28. Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE (2015)

    Google Scholar 

  29. Mukkamala, S., Janoski, G., Sung, A.: Intrusion detection using neural networks and support vector machines. In: Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN 2002, vol. 2, pp. 1702–1707. IEEE (2002)

    Google Scholar 

  30. Mukkamala, S., Sung, A.H.: Detecting denial of service attacks using support vector machines. In: The 12th IEEE International Conference on Fuzzy Systems, FUZZ 2003, vol. 2, pp. 1231–1236. IEEE (2003)

    Google Scholar 

  31. Next Generation Intrusion Detection Systems Data Set (NGIDS-DS): Overview. https://research.unsw.edu.au/sites/all/files/facultyadmin/ngids-ds_overview_final.pdf. Accessed 28 Feb 2017

  32. NSL-KDD Data Set. http://www.unb.ca/cic/research/datasets/nsl.html. Accessed 28 Feb 2017

  33. Rectifier (neural networks). https://en.wikipedia.org/wiki/Rectifier_(neural_networks). Accessed Mar 2017

  34. Suzuki, Y., et al.: Proposal to sliding window-based support vector regression. Procedia Comput. Sci. 35, 1615–1624 (2014)

    Article  Google Scholar 

  35. System Call Definition. http://www.linfo.org/system_call.html. Accessed 01 Feb 2017

  36. The ADFA Linux Dataset (ADFA-LD). https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-IDS-Datasets/. Accessed 28 Feb 2017

  37. Xie, M., Hu, J., Yu, X., Chang, E.: Evaluating host-based anomaly detection systems: application of the frequency-based algorithms to ADFA-LD. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 542–549. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11698-3_44

    Chapter  Google Scholar 

  38. Zhang, Y., Wallace, B.: A sensitivity analysis of (and practitioners’ guide to) convolutional neural networks for sentence classification. In: arXiv preprint arXiv:1510.03820 (2015)

  39. Zuech, R., Khoshgoftaar, T.M., Wald, R.: Intrusion detection and big heterogeneous data: a survey. J. Big Data 2(1), 3 (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of New South Wales Canberra at the Australian Defence Force Academy, Canberra, Australia

    Nam Nhat Tran, Ruhul Sarker & Jiankun Hu

Authors
  1. Nam Nhat Tran
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ruhul Sarker
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jiankun Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nam Nhat Tran .

Editor information

Editors and Affiliations

  1. SEIT, UNSW Canberra, Canberra, Australia

    Jiankun Hu

  2. RMIT University, Melbourne, Victoria, Australia

    Ibrahim Khalil

  3. RMIT University, Melbourne, Victoria, Australia

    Zahir Tari

  4. Swinburne University of Technology, Hawthorne, Melbourne, Victoria, Australia

    Sheng Wen

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tran, N.N., Sarker, R., Hu, J. (2018). An Approach for Host-Based Intrusion Detection System Design Using Convolutional Neural Network. In: Hu, J., Khalil, I., Tari, Z., Wen, S. (eds) Mobile Networks and Management. MONAMI 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 235. Springer, Cham. https://doi.org/10.1007/978-3-319-90775-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-90775-8_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-90774-1

  • Online ISBN: 978-3-319-90775-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation