Host-based anomaly detection using Eigentraces feature extraction and one-class classification on system call trace data

11/25/2019
by   Ehsan Aghaei, et al.

This paper proposes a methodology for host-based anomaly detection that combines a semi-supervised one-class classifier with a PCA-based feature extraction technique, called Eigentraces, applied to system call trace data. The one-class classifier generates a set of artificial data from a reference distribution and combines the target-class probability function with the artificial-class density function to estimate the target-class density function through the Bayes formulation. The benchmark dataset ADFA-LD is employed for the simulation study; it contains thousands of system call traces collected from normal and attack processes on a Linux operating system. For pre-processing and feature extraction, windowing over the system call traces is followed by principal component analysis, whose components are the Eigentraces. The target-class probability function is modeled separately by a Radial Basis Function neural network and by a Random Forest learner for performance comparison. The simulation study shows that the proposed intrusion detection system distinguishes anomalous from normal activity with high performance on a set of well-accepted metrics, including detection rate, accuracy, and missed and false alarm rates.
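The pipeline the abstract describes, as an added worked example (this is illustrative code written for this page, not the authors' implementation): sliding 2-windows over each trace become relative-frequency vectors, PCA over the normal traces yields the Eigentraces, and the one-class classifier is built by drawing an artificial class from a reference Gaussian and rearranging Bayes' rule, P(x|T) = P(T|x)·P(A)·P(x|A) / (P(A|x)·P(T)). Everything the abstract leaves open is an assumption here: the window length and frequency encoding, the isotropic Gaussian reference distribution, a Laplace-smoothed kNN standing in for the paper's RBF network and Random Forest as the class-probability model, the margin used as operating point, and the decision to carry the PCA reconstruction residual next to the coordinates. The traces are constructed toy data, not ADFA-LD.

```python
"""Windowing -> PCA ("Eigentraces") -> one-class classification on syscall
traces. Added illustration, not the paper's code; pure Python only. Assumed
choices: features are relative frequencies of the 2-windows seen in normal
training traces plus one "unseen window" bucket; the PCA reconstruction
residual is kept next to the coordinates; a Laplace-smoothed kNN stands in
for the paper's RBF network / random forest class-probability models."""
import math, random
from collections import Counter

# Constructed toy traces, NOT ADFA-LD data: ordinary file-handling processes.
NORMAL_TRAIN = [
    ["open", "read", "read", "write", "close"] * 3,
    ["open", "read", "write", "write", "close"] * 3,
    ["open", "stat", "read", "close", "open", "read", "close"] * 2,
    ["open", "read", "read", "read", "close"] * 3,
    ["stat", "open", "read", "write", "close"] * 3,
    ["open", "write", "close", "stat"] * 4,
]
# Held-out normal trace (a variant of the first training pattern).
NORMAL_TEST_TRACE = ["open", "read", "read", "write", "close"] * 2 + ["open", "read", "write", "close"]
# Constructed attack-like trace: a process wiring a socket to a spawned shell.
ATTACK_TRACE = ["socket", "connect", "dup2", "dup2", "execve", "read", "write"] * 2

def windows(trace, w=2):
    """Sliding windows (w-grams) over one system call trace."""
    return [tuple(trace[i:i + w]) for i in range(len(trace) - w + 1)]

def vectorize(trace, vocab, w=2):
    """Relative frequency of each vocabulary window; windows absent from the
    training vocabulary pool into a final slot instead of being dropped."""
    counts, known = Counter(windows(trace, w)), set(vocab)
    total = sum(counts.values()) or 1
    vec = [counts[g] / total for g in vocab]
    return vec + [sum(c for g, c in counts.items() if g not in known) / total]

def fit_pca(X, k):
    """Mean and top-k principal directions (the Eigentraces) by power
    iteration with deflation on the sample covariance matrix."""
    n, d = len(X), len(X[0])
    mean = [sum(col) / n for col in zip(*X)]
    Xc = [[x[j] - mean[j] for j in range(d)] for x in X]
    C = [[sum(r[i] * r[j] for r in Xc) / (n - 1) for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(300):
            u = [sum(C[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(t * t for t in u)) or 1.0
            v = [t / norm for t in u]
        lam = sum(v[i] * sum(C[i][j] * v[j] for j in range(d)) for i in range(d))
        comps.append(v)
        C = [[C[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
    return mean, comps

def eigentrace(x, mean, comps):
    """PCA coordinates plus the reconstruction residual: windows that never
    varied in training get zero PCA weight, so without the residual a trace
    made of novel windows collapses onto the centroid and looks normal."""
    xc = [a - b for a, b in zip(x, mean)]
    coords = [sum(a * b for a, b in zip(xc, c)) for c in comps]
    recon = [sum(t * c[j] for t, c in zip(coords, comps)) for j in range(len(xc))]
    return coords + [math.sqrt(sum((p - q) ** 2 for p, q in zip(xc, recon)))]

class OneClassBayes:
    """Artificial class A drawn from a reference Gaussian around target class T;
    P(T|x) learned on T vs A; P(x|T) = P(T|x) P(A) P(x|A) / (P(A|x) P(T))."""
    def __init__(self, k=5, art_per_target=10, margin=2.0, seed=1):
        self.k, self.m, self.margin, self.rng = k, art_per_target, margin, random.Random(seed)
    def fit(self, T):
        d, n = len(T[0]), len(T)
        self.mu = [sum(x[j] for x in T) / n for j in range(d)]
        # Widen the reference to cover the target region; floor the spread so a
        # zero-variance dimension cannot make the density degenerate.
        self.sd = [max(2.0 * math.sqrt(sum((x[j] - m) ** 2 for x in T) / n), 0.05) for j, m in enumerate(self.mu)]
        A = [[self.rng.gauss(m, s) for m, s in zip(self.mu, self.sd)] for _ in range(self.m * n)]
        self.labelled = [(x, 1) for x in T] + [(x, 0) for x in A]
        self.pT = n / len(self.labelled)
        # Operating point: flag traces `margin` nats below the weakest normal one.
        self.threshold = min(self.log_density(x) for x in T) - self.margin
        return self
    def ref_logpdf(self, x):
        return sum(-0.5 * ((a - m) / s) ** 2 - math.log(s * math.sqrt(2 * math.pi))
                   for a, m, s in zip(x, self.mu, self.sd))
    def class_prob(self, x):  # Laplace-smoothed kNN estimate of P(T|x)
        near = sorted(self.labelled, key=lambda p: sum((a - b) ** 2 for a, b in zip(p[0], x)))
        return (sum(lbl for _, lbl in near[:self.k]) + 1) / (self.k + 2)
    def log_density(self, x):  # the Bayes rearrangement, in log space
        p = self.class_prob(x)
        return math.log(p / (1 - p)) + math.log((1 - self.pT) / self.pT) + self.ref_logpdf(x)

def train(normal_traces, k=3):
    """Vocabulary from normal traces -> PCA -> one-class model."""
    vocab = sorted({g for t in normal_traces for g in windows(t)})
    X = [vectorize(t, vocab) for t in normal_traces]
    mean, comps = fit_pca(X, k)
    return vocab, mean, comps, OneClassBayes().fit([eigentrace(x, mean, comps) for x in X])

def score(model, trace):
    """Log-density of a trace under the normal model, and whether it is flagged."""
    vocab, mean, comps, occ = model
    ld = occ.log_density(eigentrace(vectorize(trace, vocab), mean, comps))
    return ld, ld < occ.threshold
```

Calling `score(train(NORMAL_TRAIN), ATTACK_TRACE)` flags the socket/execve trace while the held-out file-handling trace passes. Two caveats for anyone reproducing the paper's setup: windows that never occur in the normal training data have zero variance, so PCA assigns them no weight and a trace built entirely from novel windows projects onto the normal centroid; keeping the reconstruction residual (or an equivalent "unseen window" signal) is what lets the one-class model see such traces. Second, the artificial-data construction only estimates the target density where the reference distribution has coverage, so the reference should be spread wider than the target class, as the inflated standard deviation does here; the margin below the weakest training trace is the detection-rate versus false-alarm operating point and would be tuned on validation data rather than fixed.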


