Comparison of System Call Representations for Intrusion Detection

04/15/2019
by   Sarah Wunderlich, et al.

Over the years, artificial neural networks have been applied successfully in many areas, including IT security. Yet neural networks can only process continuous (numeric) input data, which is particularly challenging for security-related non-continuous data such as system calls. This work focuses on four different options for preprocessing sequences of system calls so that they can be consumed by neural networks. These input options are based on one-hot encoding and on learning word2vec or GloVe representations of system calls. As an additional option, we analyze whether mapping system calls to their respective kernel modules is an adequate generalization step for (a) replacing system calls or (b) enhancing system call data with additional information about their context. When performing such preprocessing steps it is important to ensure that no relevant information is lost in the process. The overall objective of system call based intrusion detection is to categorize sequences of system calls as benign or malicious behavior, so this scenario is used to evaluate the different input options as a classification task. The results show that each of the four methods is a valid option for preprocessing input data, but using kernel modules alone is not recommended because too much information is lost during the mapping process.
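The following is an added example, not code from the paper, illustrating the two encoding routes the abstract contrasts: one-hot encoding of raw system calls, the "replace" variant (a) where each call is substituted by its kernel module, and the "enhance" variant (b) where module context is appended to the one-hot syscall vector. The syscall vocabulary and the syscall-to-module table are constructed for illustration (roughly following the Linux source tree layout, but not taken from the paper), and the learned word2vec/GloVe embeddings are not reproduced here. The last function makes the abstract's caveat concrete by counting how many distinct syscall sequences collapse into the same sequence once only the module is kept.

```python
"""Preprocessing system-call sequences for a neural classifier (added example).

The syscall vocabulary and MODULE_OF table are constructed for illustration
and are not the paper's data.
"""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed vocabulary of system calls (assumption: a small fixed set).
SYSCALLS: List[str] = ["open", "read", "write", "close", "socket",
                       "connect", "sendto", "fork", "execve", "mmap"]
SYSCALL_INDEX: Dict[str, int] = {s: i for i, s in enumerate(SYSCALLS)}

# Constructed mapping of each syscall to the kernel subsystem implementing it
# (illustrative, approximate for Linux; not from the paper).
MODULE_OF: Dict[str, str] = {
    "open": "fs", "read": "fs", "write": "fs", "close": "fs", "execve": "fs",
    "socket": "net", "connect": "net", "sendto": "net",
    "fork": "kernel", "mmap": "mm",
}
MODULES: List[str] = sorted(set(MODULE_OF.values()))   # fs, kernel, mm, net
MODULE_INDEX: Dict[str, int] = {m: i for i, m in enumerate(MODULES)}

# Constructed sample traces (not real captures). Note the pairs that differ
# only in syscalls drawn from the same module.
SAMPLE_SEQUENCES: List[List[str]] = [
    ["open", "read", "close"],        # read a file
    ["open", "write", "close"],       # write a file: same modules as above
    ["socket", "connect", "sendto"],
    ["socket", "sendto", "connect"],  # reordered, still net/net/net
    ["fork", "execve", "mmap"],
]


def one_hot(token: str, index: Dict[str, int]) -> List[int]:
    """Return the one-hot vector for `token` over the vocabulary `index`."""
    vec = [0] * len(index)
    vec[index[token]] = 1
    return vec


def encode_syscalls(seq: Sequence[str]) -> List[List[int]]:
    """Baseline: one-hot vector per system call (dimension = |SYSCALLS|)."""
    return [one_hot(s, SYSCALL_INDEX) for s in seq]


def encode_modules_only(seq: Sequence[str]) -> List[List[int]]:
    """Option (a): replace each syscall by its kernel module (|MODULES| dims).
    Different syscalls from the same module become identical vectors."""
    return [one_hot(MODULE_OF[s], MODULE_INDEX) for s in seq]


def encode_enhanced(seq: Sequence[str]) -> List[List[int]]:
    """Option (b): keep the syscall one-hot and append the module one-hot,
    so the syscall identity is preserved and module context is added."""
    return [one_hot(s, SYSCALL_INDEX) + one_hot(MODULE_OF[s], MODULE_INDEX)
            for s in seq]


def module_collapse(sequences: Sequence[Sequence[str]]) -> Tuple[int, int]:
    """Measure information lost by option (a): return (number of distinct
    syscall sequences, number of distinct sequences left after every syscall
    is replaced by its module). A drop means sequences a classifier could
    separate have become indistinguishable."""
    distinct = {tuple(s) for s in sequences}
    by_module = Counter(tuple(MODULE_OF[s] for s in seq) for seq in distinct)
    return len(distinct), len(by_module)


if __name__ == "__main__":
    before, after = module_collapse(SAMPLE_SEQUENCES)
    print(f"distinct sequences: {before}, after module-only mapping: {after}")
    print("enhanced vector length:", len(encode_enhanced(["open"])[0]))
```

Running the block shows that five distinct traces become three once only the module is kept (the file read and file write traces merge, as do the two socket traces), while the enhanced encoding keeps them apart at the cost of a longer input vector.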

