Stacking ensemble-based HIDS framework for detecting anomalous system processes in Windows based operating systems using multiple word embedding

Kumar, Yogendra; Subba, Basant

doi:10.1016/j.cose.2022.102961

Cited by 9 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The HADS framework suggested by Kumar and Subba 28 utilized for the analysis of the procedure files including sequences of dynamic link library training calls created by numerous application and model developments to the Windows functioning model kernel, enabling the detection of anomalous processes. The model deploy files were primarily distorted into their corresponding n‐gram attribute vectors, which were then used as input to train a Stacking Ensemble Model (SEM) built on base classifiers, and a fully connected network built on meta classifier for the detection as either normal or abnormal.…”

Section: Reviewmentioning

confidence: 99%

NHAPMAD: Novel hybrid approaches for privacy‐preserved multiple attacks detection

Seth,

Sharma,

Ratmele

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryDetecting anomalies is crucial for maintaining security in Wireless Sensor Networks (WSNs), as they are susceptible to various attacks that compromise nodes and yield inaccurate outcomes. Conventional attack detection approaches face challenges like high false positives, vulnerability to complex attacks, and limited adaptability to changing attacks due to predefined patterns. Additionally, the computational strain on resource‐constrained nodes hampers network efficiency, demanding innovative and resilient security solutions. Therefore, this research work introduces Novel Hybrid Approaches for Privacy‐preserved Multiple Attacks Detection (NHAPMAD) framework in both network attack detection system and host attack detection system. This topology bolsters the network's defense against various types of attacks, thereby ensuring the preservation of sensitive data privacy. Federated learning has been incorporated into the NHAPMAD framework to protect user privacy in WSNs. The introduced framework provides better anomaly detection and reduces false alarms. Additionally, the introduced model protects sensitive data, ensuring the security and integrity of the entire WSN, promoting a stable and dependable operating environment. The introduced method exhibits superior performance across various metrics like overall accuracy (99.6%), F1‐score (99.59%), recall (99.47%), precision (99.63%), detection rate (99.5%), processing time (0.0009 s), etc. compared to traditional approaches, marking a significant advancement in the realm of WSN security.

show abstract

Section: Reviewmentioning

confidence: 99%

NHAPMAD: Novel hybrid approaches for privacy‐preserved multiple attacks detection

Seth,

Sharma,

Ratmele

2024

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…The sequence models capture the semantic meaning of syscalls by calculating the probability distribution over the traces. These include but are not limited to Long-Short Term Memory (LSTM) [ 19 ], Gated Recurrent Units (GRUs), Recurrent Neural Networks (RNNs) [ 20 ], Word2Vec [ 21 ], and GloVe embeddings [ 22 ]. Sequence models have received much interest due to their remarkable ability in capturing inter-word correlations.…”

Section: Related Workmentioning

confidence: 99%

Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems

et al. 2023

View full text Add to dashboard Cite

Research into Intrusion and Anomaly Detectors at the Host level typically pays much attention to extracting attributes from system call traces. These include window-based, Hidden Markov Models, and sequence-model-based attributes. Recently, several works have been focusing on sequence-model-based feature extractors, specifically Word2Vec and GloVe, to extract embeddings from the system call traces due to their ability to capture semantic relationships among system calls. However, due to the nature of the data, these extractors introduce inconsistencies in the extracted features, causing the Machine Learning models built on them to yield inaccurate and potentially misleading results. In this paper, we first highlight the research challenges posed by these extractors. Then, we conduct experiments with new feature sets assessing their suitability to address the detected issues. Our experiments show that Word2Vec is prone to introducing more duplicated samples than GloVe. Regarding the solutions proposed, we found that concatenating the embedding vectors generated by Word2Vec and GloVe yields the overall best balanced accuracy. In addition to resolving the challenge of data leakage, this approach enables an improvement in performance relative to other alternatives.

show abstract

“…3 In order to ensure the safety of IoT systems, researchers are actively investigating novel protection methods. In the same vein, a relatively new branch of machine learning 4 known as Natural Language Processing (NLP) 5 is becoming increasingly crucial to IoT systems' security. Although NLP has grown significantly in recent years, it is still vague how NLP techniques should be employed to protect IoT systems.…”

Section: Introductionmentioning

confidence: 99%

Security in IoT systems using natural language processing: Future challenges and directions

Kumar

2023

Internet Technology Letters

View full text Add to dashboard Cite

The internet of things (IoT) is advancing human lives by providing various intelligent services. The advancement of cutting-edge technologies necessitates an increase in the need for cyber security. In this light, an extensive research has been conducted to address IoT security concerns. However, several security challenges must be addressed before IoT can be utilized to its full potential in real-time. Motivated by this fact, this study presents a novel integration approach of Natural Language Processing (NLP) with IoT systems to enhance its security. It investigates the current state of NLP and its applications. The key contribution of this paper is the development of a system for identifying malicious behaviors in an IoT environment using n-gram and word-embedding techniques. Several security challenges and possible future directions to enhance IoT security using NLP are also addressed in this study.

show abstract

Stacking ensemble-based HIDS framework for detecting anomalous system processes in Windows based operating systems using multiple word embedding

Cited by 9 publications

References 21 publications

NHAPMAD: Novel hybrid approaches for privacy‐preserved multiple attacks detection

NHAPMAD: Novel hybrid approaches for privacy‐preserved multiple attacks detection

Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems

Security in IoT systems using natural language processing: Future challenges and directions

Contact Info

Product

Resources

About