Abstract

This study proposes the use of AI-enabled machine learning algorithms with Bag-of-Words (BoW) methods for the detection of intrusions by analysing system call patterns. A host-based Intrusion Detection System can make use of system call patterns to differentiate between normal and anomalous program behaviours. First, the system call patterns are pre-processed with different approaches: BoW, BoW with Boolean value, BoW with Probability value, and BoW with TF-IDF. Next, machine learning algorithms are used to evaluate the performance of the classifier models. We used the J48 (C4.5), Random Forest, RIPPER, KNN, SVM, and Naive Bayes ML algorithms. This process was carried out on ADFA-LD and on our proposed virtual machine monitor (VMM) malware attack data set for analysis. The proposed work is evaluated based on detection accuracy and false alarm rate metrics. The Random Forest algorithm performs better than the other ML algorithms in terms of intrusion detection accuracy and false alarm rate on the ADFA and VMM malware data sets. The proposed data set provides better results than ADFA-LD when analysed using the ML algorithms. The classifier model trained with the ADFA and VMM malware system call data sets may be used for predictive analytics in detecting security issues for Industry 4.0 systems.
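The four pre-processing variants named above, as an added Python sketch that is not the authors' code. The traces are constructed, and the weighting formulas (relative frequency for the probability variant, tf × ln(N/df) for TF-IDF) are assumptions, since the abstract does not define them.

```python
import math
from collections import Counter

# Constructed sample traces: each is a sequence of system call numbers
# issued by one process. Values are illustrative only.
TRACES = [
    [3, 4, 3, 5, 3],
    [4, 4, 6],
    [3, 6, 6, 6],
]

def vocabulary(traces):
    """Sorted list of distinct system calls seen in the training traces."""
    return sorted({call for trace in traces for call in trace})

def bow_count(trace, vocab):
    """Plain BoW: how often each vocabulary call occurs in the trace."""
    counts = Counter(trace)
    return [counts[c] for c in vocab]

def bow_boolean(trace, vocab):
    """Boolean BoW: 1 if the call occurs at all, else 0."""
    present = set(trace)
    return [1 if c in present else 0 for c in vocab]

def bow_probability(trace, vocab):
    """Probability BoW (assumed: count divided by trace length)."""
    counts = Counter(trace)
    n = len(trace)
    return [counts[c] / n if n else 0.0 for c in vocab]

def bow_tfidf(traces):
    """TF-IDF BoW (assumed: relative frequency times ln(N / df))."""
    vocab = vocabulary(traces)
    n_docs = len(traces)
    # Document frequency: number of traces containing each call.
    df = Counter(c for trace in traces for c in set(trace))
    idf = [math.log(n_docs / df[c]) for c in vocab]
    return [[tf * w for tf, w in zip(bow_probability(t, vocab), idf)]
            for t in traces]

if __name__ == "__main__":
    vocab = vocabulary(TRACES)
    print("vocabulary:", vocab)
    for trace, tfidf in zip(TRACES, bow_tfidf(TRACES)):
        print(bow_count(trace, vocab), bow_boolean(trace, vocab),
              [round(p, 2) for p in bow_probability(trace, vocab)],
              [round(w, 3) for w in tfidf])
```

Each resulting vector is one row of the feature matrix handed to a classifier; calls absent from the training vocabulary are ignored at prediction time.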
