Generative versus discriminative classifiers for android anomaly-based detection system using system calls filtering and abstraction process

2016 ◽  
Vol 9 (16) ◽  
pp. 3483-3495 ◽  
Author(s):  
Abdelfattah Amamra ◽  
Jean-Marc Robert ◽  
Andrien Abraham ◽  
Chamseddine Talhi
Keyword(s):  
Detection System ◽  
System Calls ◽  
Discriminative Classifiers

Host-Based Intrusion Detection System with System Calls

2019 ◽  
Vol 51 (5) ◽  
pp. 1-36 ◽  
Author(s):  
Ming Liu ◽  
Zhi Xue ◽  
Xianghua Xu ◽  
Changmin Zhong ◽  
Jinjun Chen
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
System Calls

scholarly journals A Lightweight Perceptron-Based Intrusion Detection System for Fog Computing

2019 ◽  
Vol 9 (1) ◽  
pp. 178 ◽  
Author(s):  
Belal Sudqi Khater ◽  
Ainuddin Wahid Bin Abdul Wahab ◽  
Mohd Yamani Idna Bin Idris ◽  
Mohammed Abdulla Hussain ◽  
Ashraf Ahmed Ibrahim
Keyword(s):  
Intrusion Detection ◽  
Detection System ◽  
Fog Computing ◽  
Raspberry Pi ◽  
Space Representation ◽  
Location Awareness ◽  
Resource Limitations ◽  
System Calls ◽  
Iot Devices ◽  
Hidden Layer

Fog computing is a paradigm that extends cloud computing and services to the edge of the network in order to address the inherent problems of the cloud, such as latency and lack of mobility support and location-awareness. The fog is a decentralized platform capable of operating and processing data locally and can be installed in heterogeneous hardware which makes it ideal for Internet of Things (IoT) applications. Intrusion Detection Systems (IDSs) are an integral part of any security system for fog and IoT networks to ensure the quality of service. Due to the resource limitations of fog and IoT devices, lightweight IDS is highly desirable. In this paper, we present a lightweight IDS based on a vector space representation using a Multilayer Perceptron (MLP) model. We evaluated the presented IDS against the Australian Defense Force Academy Linux Dataset (ADFA-LD) and Australian Defense Force Academy Windows Dataset (ADFA-WD), which are new generation system calls datasets that contain exploits and attacks on various applications. The simulation shows that by using a single hidden layer and a small number of nodes, we are able to achieve a 94% Accuracy, 95% Recall, and 92% F1-Measure in ADFA-LD and 74% Accuracy, 74% Recall, and 74% F1-Measure in ADFA-WD. The performance is evaluated using a Raspberry Pi.

scholarly journals Exploitation of DNS Tunneling for Optimization of Data Exfiltration in Malware-free APT Intrusions

2017 ◽  
Vol 1 (1) ◽  
pp. 51-56
Author(s):  
Aaron Zimba ◽  
Mumbi Chishimba
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Traffic Analysis ◽  
System Calls ◽  
Targeted Attacks ◽  
Low Threshold ◽  
Mitigation Techniques

One of the main goals of targeted attacks include data exfiltration. Attackers penetrate systems using various forms of attack vectors but the hurdle comes in exfiltrating the data. APT attackers even reside in a host for long periods of time whilst seeking the best option to exfiltrate data. Most data exfiltration techniques are prone to detection by intrusion detection system. Therefore, data exfiltration methodologies that generate little noise if any at all are attractive to attackers and can go undetected for long periods owing the low threshold of generated noise in form network traffic and system calls. In this paper, we present malware-free intrusion, an attack methodology which does not explicitly use malware to exfiltrate data. Our attack structure exploits the use of system services and resources not limited to RDP, PowerShell, Windows accessibility backdoor and DNS tunneling. Results show that it’s possible to exfiltrate data from vulnerable hosts using malwarefree intrusion as an infection vector and DNS tunneling as a data exfiltration technique. We test the attack on both Windows and Linux system over different networks. Mitigation techniques are suggested based on traffic analysis captured from the established secure DNS tunnels on the network.

scholarly journals Enhanced Host-Based Intrusion Detection Using System Call Traces

2019 ◽  
Vol 8 (2) ◽  
pp. 93-109
Author(s):  
Yaqoob S. Ikram Yaqoob S. Ikram
Keyword(s):  
Intrusion Detection ◽  
Detection Rate ◽  
Environmental Changes ◽  
Detection System ◽  
Computational Cost ◽  
System Call ◽  
High Detection Rate ◽  
Learning Time ◽  
System Calls ◽  
Almost All

To detect zero-day attacks in modern systems, several host-based intrusion detection systems are proposed using the newly compiled ADFA-LD dataset. These techniques use the system call traces of the dataset to detect anomalies, but generally they suffer either from high computational cost as in window-based techniques or low detection rate as in frequency-based techniques. To enhance the accuracy and speed, we propose a host-based intrusion detection system based on distinct short sequences extraction from traces of system calls with a novel algorithm to detect anomalies. To the best of our knowledge, the obtained results of the proposed system are superior to all up-to-date published systems in terms of computational cost and learning time. The obtained detection rate is also much higher than almost all compared systems and is very close to the highest result. In particular, the proposed system provides the best combination of high detection rate and very small learning time. The developed prototype achieved 90.48% detection rate, 22.5% false alarm rate, and a learning time of about 30 seconds. This provides high capability to detect zero-day attacks and also makes it flexible to cope with any environmental changes since it can learn quickly and incrementally without the need to rebuild the whole classifier from scratch.

Sign in / Sign up

Export Citation Format

Share Document