DeepAI AI Chat
Log In Sign Up

Comparison of System Call Representations for Intrusion Detection

by   Sarah Wunderlich, et al.
Hochschule Coburg

Over the years, artificial neural networks have been applied successfully in many areas including IT security. Yet, neural networks can only process continuous input data. This is particularly challenging for security-related non-continuous data like system calls. This work focuses on four different options to preprocess sequences of system calls so that they can be processed by neural networks. These input options are based on one-hot encoding and learning word2vec or GloVe representations of system calls. As an additional option, we analyze if the mapping of system calls to their respective kernel modules is an adequate generalization step for (a) replacing system calls or (b) enhancing system call data with additional information regarding their context. However, when performing such preprocessing steps it is important to ensure that no relevant information is lost during the process. The overall objective of system call based intrusion detection is to categorize sequences of system calls as benign or malicious behavior. Therefore, this scenario is used to evaluate the different input options as a classification task. The results show, that each of the four different methods is a valid option when preprocessing input data, but the use of kernel modules only is not recommended because too much information is being lost during the mapping process.


page 1

page 2

page 3

page 4


A Question of Context: Enhancing Intrusion Detection by Providing Context Information

Due to the fourth industrial revolution, and the resulting increase in i...

Intrusion Prediction with System-call Sequence-to-Sequence Model

The advanced development of the Internet facilitates efficient informati...

Malicious Code Execution Detection and Response Immune System inspired by the Danger Theory

The analysis of system calls is one method employed by anomaly detection...

Continuous Features Discretization for Anomaly Intrusion Detectors Generation

Network security is a growing issue, with the evolution of computer syst...

Intrusions in Marked Renewal Processes

We present a probabilistic model of an intrusion in a marked renewal pro...