1. Host based intrusion detection system with combined CNN/RNN model
- Author
-
Sheila Fallon, Ashima Chawla, Brian Lee, Paul Jacob, No. 70001, and European Union Horizon 2020
- Subjects
Computer science ,Anomaly-based intrusion detection system ,Gated recurrent unit (GRU) ,Host based intrusion detection systems (HIDS) ,020206 networking & telecommunications ,02 engineering and technology ,Intrusion detection system ,computer.software_genre ,System calls ,Set (abstract data type) ,Host-based intrusion detection system ,Neural networks (Computer science) ,Recurrent neural network ,Computers - Internet security ,System call ,0202 electrical engineering, electronic engineering, information engineering ,Convolution neural networks (CNN) ,020201 artificial intelligence & image processing ,Language model ,Data mining ,Recurrent neural network (RNN) ,Host (network) ,computer ,Software Research Institute AIT - Abstract
Cyber security has become one of the most challenging aspects of modern world digital technology and it has become imperative to minimize and possibly avoid the impact of cybercrimes. Host based intrusion detection systems help to protect systems from various kinds of malicious cyber attacks. One approach is to determine normal behaviour of a system based on sequences of system calls made by processes in the system [1]. This paper describes a computational efficient anomaly based intrusion detection system based on Recurrent Neural Networks. Using Gated Recurrent Units rather than the normal LSTM networks it is possible to obtain a set of comparable results with reduced training times. The incorporation of stacked CNNs with GRUs leads to improved anomaly IDS. Intrusion Detection is based on determining the probability of a particular call sequence occurring from a language model trained on normal call sequences from the ADFA Data set of system call traces [2]. Sequences with a low probability of occurring are classified as an anomaly. yes
- Published
- 2018