Host intrusion detection using system call argument-based clustering combined with Bayesian classification

Koucham, Oualid; Rachidi, Tajjeeddine; Assem, Nasser

doi:10.1109/intellisys.2015.7361267

Cited by 15 publications

(11 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Following the same idea, another paper combines support vector machine and another technique in a network intrusion detection system [49], [50]. In [51], a host detection system based on system calls combines clustering and Bayes techniques. Finally, in [52], a network IDS uses two parallel classifiers to detect and track ransomware.…”

Section: Related Workmentioning

confidence: 99%

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

et al. 2021

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

et al. 2021

View full text Add to dashboard Cite

“…Several IDS studies have depended on the BC for the classification of normal and abnormal activities across a network. A clustering-based 2-stage classifier [18] has been presented for the derivation of similar subsets of system calls and models arbitrarily. A combination of clustering with supervised learning ensures the isolation of abnormal network behaviors and introduce domain-level information through carefully selected metrics.…”

Section: Ids Based On Bayesian Classifiermentioning

confidence: 99%

“…This showed the HMM with suitable training and parameter estimation as a powerful method for the development of IDS that can classify traffic as normal or intrusions in real-time. A two-stage clustering-based classifier has also been proposed [18] for the generation of similar subsets of system calls and arbitrarily long sequences such as Markov chains.…”

Section: Ids Based On Bayesian Classifiermentioning

confidence: 99%

Review on Intrusion Detection System Based on The Goal of The Detection System

Khaleel

Ismail

Yunan³

et al. 2018

IJIE

View full text Add to dashboard Cite

show abstract

“…To counter both internal and external intrusions, Intrusion Detection System (IDS) are deployed by network administrators to protect key network and enterprise services from both internal and external intrusion attempts. http://dx.doi.org/10.12785/ijcds/080505 https://journal.uob.edu.bh Two classes of IDSs have emerged, namely (i) those that operate on network traffic called Network Intrusion Detection Systems (NIDS) [4]; they are often collocated with Firewalls and use network traffic traces for detecting intrusions, and (ii) Host Intrusion Detection Systems (HIDS) [5,6]; this breed is deployed on each network host, and uses information other than network traffic to detect intrusions. Such information includes application activity, traces, system calls and their parameters.…”

Section: Introductionmentioning

confidence: 99%

“…[14][15][16][17] to learn the characteristics of both intrusive and normal traffic from the network traffic, then use the learned models to detect attacks/intrusions without signatures [18]. One has to note that anomaly-based techniques have abundantly been applied to HIDS too learning from activities taking place inside a host computer [5]. The learned characteristics can either be in the form of parameter to general models (such as Markov models), rules, graph weights etc.…”

Section: Introductionmentioning

confidence: 99%

Network Based Intrusion Detection Using the UNSW-NB15 Dataset

al.¹

2019

IJCDS

View full text Add to dashboard Cite

In this work, we apply a two stage anomaly-based network intrusion detection process using the UNSW-NB15 dataset. We use Recursive Feature Elimination and Random Forests among other techniques to select the best dataset features for the purpose of machine learning; then we perform a binary classification in order to identify intrusive traffic from normal one, using a number of data mining techniques, including Logistic Regression, Gradient Boost Machine, and Support Vector Machine. Results of this first stage classification show that the use of Support Vector Machine reports the highest accuracy (82.11%). We then feed the output of Support Vector Machine to a range of multinomial classifiers in order to improve the accuracy of predicting the type of attacks. Specifically, we evaluate the performance of Decision Trees (C5.0), Naïve Bayes and multinomial Support Vector Machine. Applying C5.0 yielded the highest accuracy (74%) and F1 score (86%), and the two-stage hybrid classification improved the accuracy of results by up to 12% (achieving a multi-classification accuracy of 86.04%). Finally, with the support of our results, we present constructive criticism of the UNSW-NB15 dataset.

show abstract

Host intrusion detection using system call argument-based clustering combined with Bayesian classification

Cited by 15 publications

References 10 publications

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Review on Intrusion Detection System Based on The Goal of The Detection System

Network Based Intrusion Detection Using the UNSW-NB15 Dataset

Contact Info

Product

Resources

About