Abstract

Host-based anomaly intrusion detection system design is very challenging due to the notoriously high false alarm rate. This paper introduces a new host-based anomaly intrusion detection methodology using discontiguous system call patterns, in an attempt to increase detection rates whilst reducing false alarm rates. The key concept is to apply a semantic structure to kernel level system calls in order to reflect intrinsic activities hidden in high-level programming languages, which can help understand program anomaly behaviour. Excellent results were demonstrated using a variety of decision engines, evaluating the KDD98 and UNM data sets, and a new, modern data set. The ADFA Linux data set was created as part of this research using a modern operating system and contemporary hacking methods, and is now publicly available. Furthermore, the new semantic method possesses an inherent resilience to mimicry attacks, and demonstrated a high level of portability between different operating system versions.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A host-based anomaly detection approach by representing system calls as states of kernel modules
Syed Shariyar Murtaza ... Mario Couture
-
Syed Shariyar Murtaza, et. al.Syed Shariyar Murtaza ... Mario Couture
01 Nov 2013
Twentieth century shifts in abundance and composition of vegetation types of theSierraNevada, CA,US
Christopher R Dolanc ... James H Thorne
Applied Vegetation Science | VOL. 17
Christopher R Dolanc, et. al.Christopher R Dolanc ... James H Thorne
04 Dec 2013
File system virtual appliances
Michael Abd-El-Malek ... Michael K Reiter
ACM Transactions on Storage | VOL. 8
Michael Abd-El-Malek, et. al.Michael Abd-El-Malek ... Michael K Reiter
01 Sep 2012
Cross‐validation based assessment of a new Bayesian palaeoclimate model
S Mukhopadhyay ... S Bhattacharya
Environmetrics | VOL. 24
S Mukhopadhyay, et. al.S Mukhopadhyay ... S Bhattacharya
01 Dec 2013
View more papers

More From: IEEE Transactions on Computers

Paper Title
Journal
Date
Author
Land of Oz: Resolving Orderless Writes in Zoned Namespace SSDs
Yingjia Wang ... Ming-Chang Yang
IEEE Transactions on Computers | VOL. 73
Yingjia Wang, et. al.Yingjia Wang ... Ming-Chang Yang
01 Nov 2024
Optimized Quantum Circuit of AES With Interlacing-Uncompute Structure
Mengyuan Zhang ... Wenling Wu
IEEE Transactions on Computers | VOL. 73
Mengyuan Zhang, et. al.Mengyuan Zhang ... Wenling Wu
01 Nov 2024
High-Performance Tensor-Train Primitives Using GPU Tensor Cores
Xiao-Yang Liu ... Hao Hong
IEEE Transactions on Computers | VOL. 73
Xiao-Yang Liu, et. al.Xiao-Yang Liu ... Hao Hong
01 Nov 2024
PruneAug: Bridging DNN Pruning and Inference Latency on Diverse Sparse Platforms Using Automatic Layerwise Block Pruning
Hanfei Geng ... Guangzhong Sun
IEEE Transactions on Computers | VOL. 73
Hanfei Geng, et. al.Hanfei Geng ... Guangzhong Sun
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.