Anomaly Detection Framework of System Call Trace Based on Sequence and Frequency Patterns
The existing system call-based anomaly intrusion detection methods can’t accurately describe the behavior of the process by a single trace pattern. In this paper, the process behavior is modeled based on the sequence and frequency patterns of system call trace, and a data-driven anomaly detection frame...
Main Author: | |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial office of Computer Science, 2022-06-01 |
Series: | Jisuanji kexue |
Subjects: | |
Online Access: | https://www.jsjkx.com/fileup/1002-137X/PDF/1002-137X-2022-49-6-350.pdf |
_version_ | 1797845209482002432 |
---|---|
author | WEI Hui, CHEN Ze-mao, ZHANG Li-qiang |
collection | DOAJ |
description | The existing system call-based anomaly intrusion detection methods can’t accurately describe the behavior of the process by a single trace pattern. In this paper, the process behavior is modeled based on the sequence and frequency patterns of system call trace, and a data-driven anomaly detection framework is designed. The framework could detect both sequential and quantitative anomalies of the system call trace simultaneously. With the help of combinational window mechanism, the framework could realize offline fine-grained learning and online anomaly real-time detection by meeting different requirements of offline training and online detection for extracting trace information. Performance comparison experiments of unknown anomalies detection are conducted on the ADFA-LD intrusion detection standard dataset. The results show that, compared with the four traditional machine learning methods and four deep learning methods, the comprehensive detection performance of the framework improves by about 10%. |
first_indexed | 2024-04-09T17:35:09Z |
format | Article |
id | doaj.art-9707ce3ce6ba4cae856e4e333f3a47be |
institution | Directory Open Access Journal |
issn | 1002-137X |
language | zho |
last_indexed | 2024-04-09T17:35:09Z |
publishDate | 2022-06-01 |
publisher | Editorial office of Computer Science |
record_format | Article |
series | Jisuanji kexue |
spelling | doaj.art-9707ce3ce6ba4cae856e4e333f3a47be; 2023-04-18T02:32:00Z; zho; Editorial office of Computer Science; Jisuanji kexue; 1002-137X; 2022-06-01; 49; 6; 350; 355; 10.11896/jsjkx.210500031; Anomaly Detection Framework of System Call Trace Based on Sequence and Frequency Patterns; WEI Hui, CHEN Ze-mao, ZHANG Li-qiang; 0; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China; The existing system call-based anomaly intrusion detection methods can’t accurately describe the behavior of the process by a single trace pattern. In this paper, the process behavior is modeled based on the sequence and frequency patterns of system call trace, and a data-driven anomaly detection framework is designed. The framework could detect both sequential and quantitative anomalies of the system call trace simultaneously. With the help of combinational window mechanism, the framework could realize offline fine-grained learning and online anomaly real-time detection by meeting different requirements of offline training and online detection for extracting trace information. Performance comparison experiments of unknown anomalies detection are conducted on the ADFA-LD intrusion detection standard dataset. The results show that, compared with the four traditional machine learning methods and four deep learning methods, the comprehensive detection performance of the framework improves by about 10%.; https://www.jsjkx.com/fileup/1002-137X/PDF/1002-137X-2022-49-6-350.pdf; host-based intrusion detection systems|system calls|deep neural network|long and short-term memory neural network |
title | Anomaly Detection Framework of System Call Trace Based on Sequence and Frequency Patterns |
topic | host-based intrusion detection systems|system calls|deep neural network|long and short-term memory neural network |
url | https://www.jsjkx.com/fileup/1002-137X/PDF/1002-137X-2022-49-6-350.pdf |