Host Based Intrusion Detection System with Combined CNN/RNN Model

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

101 Citations (Scopus)

Abstract

Cyber security has become one of the most challenging aspects of modern world digital technology and it has become imperative to minimize and possibly avoid the impact of cybercrimes. Host based intrusion detection systems help to protect systems from various kinds of malicious cyber attacks. One approach is to determine normal behaviour of a system based on sequences of system calls made by processes in the system [1]. This paper describes a computationally efficient anomaly based intrusion detection system based on Recurrent Neural Networks. Using Gated Recurrent Units rather than the normal LSTM networks, it is possible to obtain a set of comparable results with reduced training times. The incorporation of stacked CNNs with GRUs leads to an improved anomaly IDS. Intrusion detection is based on determining the probability of a particular call sequence occurring from a language model trained on normal call sequences from the ADFA Data set of system call traces [2]. Sequences with a low probability of occurring are classified as an anomaly.
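The scoring principle in the abstract (train a language model on normal system call sequences, flag sequences it finds improbable) is sketched below as an added example that is not code from the paper: a smoothed bigram count model stands in for the CNN/GRU language model. The traces are constructed, and the class and function names and the margin-based threshold rule are assumptions.

```python
import math
from collections import Counter, defaultdict

class BigramSyscallModel:
    """Add-alpha smoothed bigram model over system call numbers."""
    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.counts = defaultdict(Counter)   # counts[prev][cur]
        self.vocab = set()

    def fit(self, traces):
        for trace in traces:
            self.vocab.update(trace)
            for prev, cur in zip(trace, trace[1:]):
                self.counts[prev][cur] += 1
        return self

    def avg_nll(self, trace):
        """Mean negative log-probability per transition (higher = less likely)."""
        v = len(self.vocab) + 1              # one extra slot for unseen calls
        total = 0.0
        for prev, cur in zip(trace, trace[1:]):
            row = self.counts.get(prev, Counter())
            p = (row[cur] + self.alpha) / (sum(row.values()) + self.alpha * v)
            total -= math.log(p)
        return total / max(len(trace) - 1, 1)

def calibrate_threshold(model, normal_validation, margin=1.5):
    """Assumed rule: margin x worst score on held-out normal traces."""
    return margin * max(model.avg_nll(t) for t in normal_validation)

def is_anomalous(model, trace, threshold):
    return model.avg_nll(trace) > threshold

# Constructed traces of syscall numbers (not taken from the ADFA data set).
NORMAL_TRAIN = [[5, 3, 3, 4, 6] * 4, [5, 3, 4, 3, 4, 6] * 3,
                [5, 3, 4, 6, 5, 3, 3, 4, 6]]
NORMAL_VALID = [[5, 3, 4, 6, 5, 3, 3, 4, 6, 5, 3, 4, 6]]
SUSPECT = [5, 3, 11, 102, 102, 11, 63, 63, 11, 6]

MODEL = BigramSyscallModel().fit(NORMAL_TRAIN)
THRESHOLD = calibrate_threshold(MODEL, NORMAL_VALID)

if __name__ == "__main__":
    for name, t in [("normal", NORMAL_VALID[0]), ("suspect", SUSPECT)]:
        print(name, round(MODEL.avg_nll(t), 3), is_anomalous(MODEL, t, THRESHOLD))
```

Averaging per transition keeps scores comparable across traces of different lengths, so a long normal trace is not flagged merely for being long.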

Original language: English
Title of host publication: ECML PKDD 2018 Workshops - Nemesis 2018, UrbReas 2018, SoGood 2018, IWAISe 2018, and Green Data Mining 2018, Proceedings
Editors: Carlos Alzate, Anna Monreale
Publisher: Springer-Verlag GmbH and Co. KG
Pages: 149-158
Number of pages: 10
ISBN (Print): 9783030134525
Publication status: Published - 2019
Event: European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, ECML PKDD 2018 - Dublin, Ireland
Duration: 10 Sep 2018 to 14 Sep 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11329 LNAI
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, ECML PKDD 2018
Country/Territory: Ireland
City: Dublin
Period: 10/09/18 to 14/09/18

Keywords

  • Convolutional Neural Network (CNN)
  • Gated Recurrent Unit (GRU)
  • Host based intrusion detection systems (HIDS)
  • Recurrent Neural Network (RNN)
  • System calls
