Machine Learning for Host-based Anomaly Detection
نویسندگان
چکیده
Machine Learning for Host-based Anomaly Detection by Gaurav Tandon Dissertation Advisor: Philip K. Chan, Ph.D. Anomaly detection techniques complement signature based methods for intrusion detection. Machine learning approaches are applied to anomaly detection for automated learning and detection. Traditional host-based anomaly detectors model system call sequences to detect novel attacks. This dissertation makes four key contributions to detect host anomalies. First, we present an unsupervised approach to clean training data using novel representations for system call sequences. Second, supervised learning with system call arguments and other attributes is proposed for enriched modeling. Third, techniques to increase model coverage for improved accuracy are presented. Fourth, we propose spatio-temporal modeling to detect suspicious behavior for mobile hosts. Experimental results on various data sets indicate that our techniques are more effective than traditional methods in capturing attack-based host anomalies. Additionally, our supervised methods create succint models and the computational overhead incurred is reasonable for an online anomaly detection system.
منابع مشابه
Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
متن کاملAnomaly Detection in Computer Security and an Application to File System Accesses
We present an overview of anomaly detection used in computer security, and provide a detailed example of a host-based Intrusion Detection System that monitors file systems to detect abnormal accesses. The File Wrapper Anomaly Detector (FWRAP) has two parts, a sensor that audits file systems, and an unsupervised machine learning system that computes normal models of those accesses. FWRAP employs...
متن کاملAnomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors
Abstract- With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing of the large amount of network traffic features. Removing un...
متن کاملA comparative evaluation of two algorithms for Windows Registry Anomaly Detection
We present a component anomaly detector for a host-based intrusion detection system (IDS) for Microsoft Windows. The core of the detector is a learning-based anomaly detection algorithm that detects attacks on a host machine by looking for anomalous accesses to the Windows Registry. We present and compare two anomaly detection algorithms for use in our IDS system and evaluate their performance....
متن کاملMalware Detection from a Virtual Machine Correlating Unusual Keystrokes, Network Traffic, and Suspicious Registry Access
Current anti-virus malware detection methods focus on signature-based methods. Recent research has introduced new, effective methods of malware detection. First, recent research including cloud-based monitoring and analysis, joint network-host based methods, feature ranking, machine learning and kernel data structure invariant monitoring are reviewed. Second, virtual machine based malware detec...
متن کامل