A tfidfvectorizer and singular value decomposition based host intrusion detection system framework for detecting anomalous system processes. Issue 100 (January 2021)
- Record Type:
- Journal Article
- Title:
- A tfidfvectorizer and singular value decomposition based host intrusion detection system framework for detecting anomalous system processes. Issue 100 (January 2021)
- Main Title:
- A tfidfvectorizer and singular value decomposition based host intrusion detection system framework for detecting anomalous system processes
- Authors:
- Subba, Basant
Gupta, Prakriti
- Abstract:
- Host based intrusion detection systems (HIDSs) are indispensable tools for providing a comprehensive security solution. They are capable of detecting host specific attacks, which cannot be detected using network based intrusion detection systems (NIDSs). This paper proposes a novel tfidfvectorizer and truncated singular value decomposition (SVD) based host intrusion detection system (HIDS) framework for identification of anomalous system processes in real time. The proposed HIDS framework takes the system call trace files as its input and transforms them into n-gram feature vector representational models. The framework then uses a vectorization technique called the tfidfvectorizer to compute the tfidf values of the n-gram terms of the transformed feature vectors. Dimensionality reduction of the transformed n-gram feature vectors is then carried out using truncated SVD based on their tfidf values. The dimensionality reduced tfidfvectorized n-gram feature vectors are finally provided as inputs to various machine learning based classifier models to determine whether the corresponding system call trace files are normal or anomalous. Experimental results on the benchmark ADFA-LD and ADFA-WD datasets show that the proposed HIDS framework effectively detects anomalous system processes with high accuracy and low processing overhead. It is also shown to outperform other HIDS frameworks proposed in the literature.
- Is Part Of:
- Computers & security. Issue 100(2021)
- Journal:
- Computers & security
- Issue:
- Issue 100(2021)
- Issue Display:
- Volume 100, Issue 100 (2021)
- Year:
- 2021
- Volume:
- 100
- Issue:
- 100
- Issue Sort Value:
- 2021-0100-0100-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-01
- Subjects:
- Host based intrusion detection system (HIDS) -- Australian defence force academy linux dataset (ADFA-LD) -- Australian defence force academy window dataset (ADFA-WD) -- Neural networks -- Support vector machine (SVM) -- Decision trees -- Tfidfvectorizer
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2020.102084
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16036.xml