Abstract

Intrusion detection systems are used to detect attacks on a system. A host-based intrusion detection system (HIDS) detects ongoing attacks on a host system. A HIDS model is proposed that uses system call analysis and consists of two modules: an anomaly detection module and a Multi-HMM module for state prediction. The anomaly detection module uses the Long Short-Term Memory (LSTM) architecture, a special type of recurrent neural network, to detect anomalies in system call traces. It models the normal behaviour of the system using system call patterns, which enables it to detect even ‘zero-day’ attacks. The state prediction module is based on a Multiple Hidden Markov Model (Multi-HMM), in which each HMM models a known attack. It takes a sequence of system calls as input and predicts the next ‘N’ most probable system calls during the attack. After a number of experiments, results show that the model has a high recognition rate and a low false alarm rate.
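A sketch of the Multi-HMM state prediction step, added here as an illustration and not taken from the paper. It assumes the matching attack is chosen by highest forward-algorithm likelihood and reads "next N" as the top-N candidates for the next call; the model names, system call alphabet and probabilities are constructed.

```python
import math

SYSCALLS = ["open", "read", "write", "execve", "socket"]  # constructed alphabet

# One HMM per known attack: (initial pi, transition A, emission B).
# Names and probabilities are constructed for illustration, not trained values.
MODELS = {
    "attack_A": ([0.9, 0.1], [[0.6, 0.4], [0.1, 0.9]],
                 [[0.45, 0.45, 0.04, 0.03, 0.03],
                  [0.05, 0.05, 0.10, 0.50, 0.30]]),
    "attack_B": ([0.5, 0.5], [[0.7, 0.3], [0.3, 0.7]],
                 [[0.10, 0.10, 0.60, 0.10, 0.10],
                  [0.20, 0.20, 0.40, 0.10, 0.10]]),
}

def step(alpha, A):
    """Push a state distribution one transition forward."""
    n = len(alpha)
    return [sum(alpha[i] * A[i][j] for i in range(n)) for j in range(n)]

def forward(model, obs):
    """Scaled forward pass: (log-likelihood, filtered state distribution)."""
    pi, A, B = model
    alpha, loglik = None, 0.0
    for o in obs:
        prior = pi if alpha is None else step(alpha, A)
        alpha = [p * B[j][o] for j, p in enumerate(prior)]
        scale = sum(alpha)
        if scale == 0.0:            # trace is impossible under this model
            return float("-inf"), None
        loglik += math.log(scale)
        alpha = [a / scale for a in alpha]  # rescale to avoid underflow
    return loglik, alpha

def predict_next(trace, top_n=2):
    """Return (best-matching attack model, top_n most probable next calls)."""
    if not trace:
        raise ValueError("empty trace")
    obs = [SYSCALLS.index(c) for c in trace]  # ValueError on unknown call
    scored = {name: forward(m, obs) for name, m in MODELS.items()}
    best = max(scored, key=lambda name: scored[name][0])
    loglik, alpha = scored[best]
    if alpha is None:
        return None, []
    _, A, B = MODELS[best]
    nxt = step(alpha, A)  # predicted hidden-state distribution at T+1
    dist = [sum(nxt[j] * B[j][k] for j in range(len(nxt)))
            for k in range(len(SYSCALLS))]
    ranked = sorted(range(len(SYSCALLS)), key=lambda k: dist[k], reverse=True)
    return best, [SYSCALLS[k] for k in ranked[:top_n]]
```

For the constructed trace `open, read, read, execve`, `predict_next` selects `attack_A` and ranks `execve` and `socket` as the most probable next calls.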
