Abstract

Computer security is one of the main challenges of today's technological infrastructures, and intrusion detection systems are among the most widely used technologies to secure computer systems. Intrusion detection systems draw on a variety of information sources; one of the most important is the applications' system calls. They also use many different detection techniques, e.g. system call sequences, text classification techniques and system call graphs. However, existing techniques obtain poor results in the detection of complex attack patterns, so it is necessary to improve the detection results. This paper presents an intrusion detection system model that integrates multiple detection techniques into a single system with the goal of modeling the global behavior of the applications. In addition, the paper proposes a new modified system call graph to integrate and represent the information of the different techniques in a single data structure. The system uses a deep neural network to combine the results of the different detection techniques used in the global model. The results of the study show the improvement obtained in the detection results with respect to the use of individual techniques: the proposed model achieves higher detection rates and lower false positives. The proposal has been validated on three datasets with different levels of complexity.

Highlights

  • Application-level intrusion detection systems (IDS) based on the use of system calls are relatively old [1], yet there has been a significant increase in the number of research papers using system calls to detect intrusions in recent times [2]–[4]. There are two main IDS approaches: anomaly detection and signature detection

  • In the Results section we describe the prototype that has been built with all the components of the model and the tests that have been carried out to validate the proposed system

  • One of the challenges and open issues in the field of IDS is that attack patterns are increasingly complex and traditional techniques are becoming obsolete, so it is necessary to introduce new techniques or methods that are better suited to complex attack patterns


Summary

Introduction

Application-level intrusion detection systems (IDS) based on the use of system calls are relatively old [1], yet there has been a significant increase in the number of research papers using system calls to detect intrusions in recent times [2]–[4]. There are two main IDS approaches: anomaly detection and signature detection. An anomaly-based IDS defines the normal behavior of the application by monitoring its system calls, and behaviors that deviate from that profile beyond a certain threshold are classified as intrusions. A signature-based IDS uses a database with the behavior of all known malware (malware signatures) and performs detection by monitoring the running applications and looking for these behaviors or signatures. Detection systems have used a variety of techniques to represent application behavior. One of the most widely used techniques models the application behavior as system call sequences.
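As an added illustration (not the paper's code) of the two representations the introduction names, the following builds a normal-behavior profile from constructed system-call traces, once as fixed-length call sequences (sliding windows) and once as a system-call graph (call-to-next-call edges), and then scores a new trace against a threshold. The process and its traces are invented sample data.

```python
"""Anomaly-based profile of an application from its system-call traces,
using call sequences (sliding windows) and a system-call graph."""
from collections import defaultdict

# Constructed "normal" traces of a hypothetical file-serving process.
NORMAL_TRACES = [
    ["open", "fstat", "mmap", "read", "write", "close"],
    ["open", "fstat", "read", "read", "write", "close"],
    ["open", "read", "write", "write", "close"],
]


def build_profile(traces, k=3):
    """Learn the normal profile: the set of k-length call windows
    (sequence technique) and the adjacency of the system-call graph
    (graph technique), where an edge a->b means b followed a."""
    windows = set()
    graph = defaultdict(set)
    for trace in traces:
        for i in range(len(trace) - k + 1):
            windows.add(tuple(trace[i:i + k]))
        for a, b in zip(trace, trace[1:]):
            graph[a].add(b)
    return {"k": k, "windows": windows, "graph": dict(graph)}


def score_trace(profile, trace):
    """Return (sequence_anomaly, graph_anomaly): the fraction of windows
    and of transitions in `trace` never seen during training."""
    k = profile["k"]
    wins = [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]
    edges = list(zip(trace, trace[1:]))
    unseen_w = sum(w not in profile["windows"] for w in wins)
    unseen_e = sum(b not in profile["graph"].get(a, ()) for a, b in edges)
    return (unseen_w / len(wins) if wins else 0.0,
            unseen_e / len(edges) if edges else 0.0)


def is_intrusion(profile, trace, threshold=0.25):
    """Flag the trace when either representation exceeds the threshold;
    the paper combines such per-technique results with a neural network,
    which this simple max() only stands in for."""
    return max(score_trace(profile, trace)) > threshold
```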

