
2020 | OriginalPaper | Chapter

Intrusion Prediction and Detection with Deep Sequence Modeling

Authors : Gaurav Sarraf, M. S. Swetha

Published in: Security in Computing and Communications

Publisher: Springer Singapore


Abstract

With the wide adoption of the internet and its applications in recent years, many adversaries have been exploiting information exchange for malicious activities. Intrusion detection and prevention systems are widely researched areas, rightly so, being an integral part of network security. The adoption of IDSs and IPSs in networks has shown significant results, and research has expanded from software solutions to hardware-based solutions, promoting such defensive techniques even further. As with all recent computing trends, machine learning and deep learning techniques have become extremely prevalent in intrusion detection and prediction systems. There have been attempts to improve the state of the art, but none projects a significant improvement over current systems. Traditional systems alert the user after an intrusion has occurred; steps can then be taken to stop further expansion of the intrusion, but in most cases it is too late. To address this issue, this paper proposes system call prediction using Recurrent Neural Network (RNN) and Variational Autoencoder modelling techniques to predict sequences of system calls on a modern computer system. The proposed model uses the ADFA intrusion dataset to learn long-term sequences of system calls executed during an attack on a Linux-based web server. The model can effectively predict and classify the sequences of system calls most likely to occur during a known or unknown (zero-day) attack.
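The abstract describes the core idea only at a high level: learn which system call normally follows a given context, predict the next call, and treat traces the model finds improbable as a sign of intrusion. The following added example (not code from the chapter or its authors) demonstrates that idea in a deliberately simplified form. In place of the chapter's RNN and variational-autoencoder model it uses an order-2 Markov (trigram) predictor with add-one smoothing, which runs offline with the standard library only; the traces, the integer system-call IDs (which merely imitate the i386 numbering used by ADFA-LD), the threshold rule and all names are assumptions constructed for the example, not ADFA data.

```python
"""Next-system-call prediction as an intrusion signal.

Added example, not code from the chapter. The chapter trains an RNN /
variational-autoencoder model on ADFA traces; this stand-in uses an
order-2 Markov (trigram) predictor with add-one smoothing so it runs
offline with the standard library only. The mechanism it demonstrates is
the same: learn what normally follows a context of system calls, predict
the next call, and score whole traces by how improbable they are.
All traces below are constructed (not ADFA data); the integer IDs merely
imitate ADFA-LD's i386 system-call numbers.
"""
import math
from collections import Counter, defaultdict

# Constructed "normal" behaviour of a web server: three recurring patterns.
NORMAL_PATTERNS = [
    [5, 197, 192, 3, 4, 6, 91],       # open, fstat, mmap, read, write, close, munmap
    [102, 3, 5, 197, 3, 4, 6, 102],   # socket accept, read request, open, fstat, read, write, close, socket
    [45, 33, 5, 3, 6, 174, 174],      # brk, access, open, read, close, sigaction, sigaction
]
# Repeat each pattern so the counts are not dominated by smoothing.
TRAIN_TRACES = [p for p in NORMAL_PATTERNS for _ in range(20)]

# Constructed trace a web server never produced during training: the request
# handler spawns a child and executes something (clone, dup2, execve, chmod).
ATTACK_TRACE = [102, 3, 120, 63, 63, 11, 45, 15, 4, 6]

START = -1  # padding symbol marking "beginning of trace"


class SyscallPredictor:
    """Order-k Markov model over system-call IDs with add-one smoothing."""

    def __init__(self, order=2, margin=1.5):
        self.order = order
        self.margin = margin                # threshold = margin * worst normal score
        self.counts = defaultdict(Counter)  # context tuple -> Counter of next call
        self.vocab = set()
        self.threshold = None

    def _contexts(self, trace):
        """Yield (context, next_call) pairs, padding the start with START symbols."""
        padded = [START] * self.order + list(trace)
        for i in range(self.order, len(padded)):
            yield tuple(padded[i - self.order:i]), padded[i]

    def fit(self, traces):
        for trace in traces:
            for ctx, nxt in self._contexts(trace):
                self.counts[ctx][nxt] += 1
                self.vocab.add(nxt)
        # Calibrate the anomaly threshold on the normal traces. A real
        # deployment would calibrate on a held-out set of normal traces.
        self.threshold = self.margin * max(self.surprise(t) for t in traces)
        return self

    def prob(self, ctx, call):
        """Smoothed P(call | ctx); one extra vocabulary slot stands for any unseen call."""
        v = len(self.vocab) + 1
        nxt = self.counts.get(ctx)
        if nxt is None:                     # context never observed at all
            return 1.0 / v
        return (nxt[call] + 1) / (sum(nxt.values()) + v)

    def predict_next(self, context, k=3):
        """Most likely next calls after `context` (the prediction task the chapter targets)."""
        ctx = tuple(([START] * self.order + list(context))[-self.order:])
        ranked = sorted(self.vocab, key=lambda c: self.prob(ctx, c), reverse=True)
        return ranked[:k]

    def surprise(self, trace):
        """Average negative log-likelihood per call: how unexpected the whole trace is."""
        nll = [-math.log(self.prob(ctx, nxt)) for ctx, nxt in self._contexts(trace)]
        return sum(nll) / len(nll) if nll else 0.0

    def classify(self, trace):
        return "anomalous" if self.surprise(trace) > self.threshold else "normal"


def demo():
    """Train on the constructed normal traces and score one normal and one attack trace."""
    model = SyscallPredictor().fit(TRAIN_TRACES)
    return {
        "predicted_after_accept_read": model.predict_next([102, 3], k=1),
        "normal_score": round(model.surprise(NORMAL_PATTERNS[1]), 3),
        "attack_score": round(model.surprise(ATTACK_TRACE), 3),
        "threshold": round(model.threshold, 3),
        "attack_verdict": model.classify(ATTACK_TRACE),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things to take from the example. First, the "prediction" and "detection" halves share one model: `predict_next` answers what the server will most likely do next, while `surprise` turns the same conditional probabilities into a per-trace anomaly score. Second, a count-based model is brittle on legitimate variation (an extra `read` inside a known pattern already raises the score sharply), which is exactly the weakness that motivates the chapter's move to recurrent models that can generalise over long contexts.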


Metadata

Title: Intrusion Prediction and Detection with Deep Sequence Modeling
Authors: Gaurav Sarraf, M. S. Swetha
Copyright Year: 2020
Publisher: Springer Singapore
DOI: https://doi.org/10.1007/978-981-15-4825-3_2
