Comparison of anomaly detection accuracy of host-based intrusion detection systems based on different machine learning algorithms

Cited by: 0
Authors
Shin Y. [1]
Kim K. [1, 2]
Affiliations
[1] Department of Data Science, Graduate School of Ajou University, Suwon
[2] Department of Cyber Security, Ajou University, Suwon
Source
International Journal of Advanced Computer Science and Applications | 2020 / Issue 02
Funding
National Research Foundation, Singapore;
Keywords
Anomaly detection; Cyber security; Host based intrusion detection system; Machine learning; Simulation; System calls;
DOI
10.14569/ijacsa.2020.0110233
Abstract
Among the different host-based intrusion detection systems, an anomaly-based intrusion detection system detects attacks based on deviations from normal behavior; however, such a system has a low detection rate. Therefore, several studies have been conducted to increase the accurate detection rate of anomaly-based intrusion detection systems; recently, some of these studies involved the development of intrusion detection models using machine learning algorithms to overcome the limitations of existing anomaly-based intrusion detection methodologies as well as signature-based intrusion detection methodologies. In a similar vein, in this study, we propose a method for improving the intrusion detection accuracy of anomaly-based intrusion detection systems by applying various machine learning algorithms for classification of normal and attack data. To verify the effectiveness of the proposed intrusion detection models, we use the ADFA Linux Dataset which consists of system call traces for attacks on the latest operating systems. Further, for verification, we develop models and perform simulations for host-based intrusion detection systems based on machine learning algorithms to detect and classify anomalies using the Arena simulation tool. © Science and Information Organization.
Pages: 252-259
Number of pages: 7