
Host-Based Intrusion Detection System with System Calls: Review and Future Trends

Published: 19 November 2018

Abstract

In a contemporary data center, Linux applications often generate a large quantity of real-time system call traces, which are not suitable for traditional host-based intrusion detection systems deployed on every single host. Training data mining models with system calls on a single host that has static computing and storage capacity is time-consuming, and the intermediate datasets cannot be handled efficiently. Maintaining and updating host-based intrusion detection systems (HIDS) installed on every physical or virtual host is cumbersome, and comprehensive system call analysis can hardly be performed to detect complex and distributed attacks spanning multiple hosts. Considering these limitations of current system-call-based HIDS, in this article we review the development of system-call-based HIDS and future research trends. Algorithms and techniques relevant to system-call-based HIDS are investigated, including feature extraction methods and various data mining algorithms. HIDS dataset issues are discussed, including the currently available datasets with system calls and approaches for researchers to generate new datasets. The application of system-call-based HIDS to current embedded systems is studied, and related works are investigated. Finally, future research trends are forecast regarding three aspects, namely the reduction of the false-positive rate, the improvement of detection efficiency, and the enhancement of collaborative security.

Published In

ACM Computing Surveys, Volume 51, Issue 5
September 2019
791 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/3271482
Editor: Sartaj Sahni

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 19 November 2018
Accepted: 01 April 2018
Revised: 01 April 2018
Received: 01 July 2017
Published in CSUR Volume 51, Issue 5

Author Tags

1. Cybersecurity
2. big data
3. cloud computing
4. intrusion detection
5. system call

Qualifiers

• Survey
• Research
• Refereed

Funding Sources

• China Scholarship Council
