More Web Proxy on the site http://driver.im/

survey

Host-Based Intrusion Detection System with System Calls: Review and Future Trends

Authors:

Changmin Zhong,

Jinjun ChenAuthors Info & Claims

ACM Computing Surveys (CSUR), Volume 51, Issue 5

Article No.: 98, Pages 1 - 36

https://doi.org/10.1145/3214304

Published: 19 November 2018 Publication History

Abstract

In a contemporary data center, Linux applications often generate a large quantity of real-time system call traces, which are not suitable for traditional host-based intrusion detection systems deployed on every single host. Training data mining models with system calls on a single host that has static computing and storage capacity is time-consuming, and intermediate datasets are not capable of being efficiently handled. It is cumbersome for the maintenance and updating of host-based intrusion detection systems (HIDS) installed on every physical or virtual host, and comprehensive system call analysis can hardly be performed to detect complex and distributed attacks among multiple hosts. Considering these limitations of current system-call-based HIDS, in this article, we provide a review of the development of system-call-based HIDS and future research trends. Algorithms and techniques relevant to system-call-based HIDS are investigated, including feature extraction methods and various data mining algorithms. The HIDS dataset issues are discussed, including currently available datasets with system calls and approaches for researchers to generate new datasets. The application of system-call-based HIDS on current embedded systems is studied, and related works are investigated. Finally, future research trends are forecast regarding three aspects, namely, the reduction of the false-positive rate, the improvement of detection efficiency, and the enhancement of collaborative security.

References

[1]

Mohamed Abdel-Azim, AI Abdel-Fatah, and Mohammed Awad. 2009. Performance analysis of artificial neural network intrusion detection systems. In International Conference on Electrical and Electronics Engineering, 2009 (ELECO’09). IEEE, II--385--II--389.

[2]

Mohiuddin Ahmed, Abdun Naser Mahmood, and Jiankun Hu. 2016. A survey of network anomaly detection techniques. Journal of Network and Computer Applications 60 (2016), 19--31.

Digital Library

[3]

Usman Ahmed and Asif Masood. 2009. Host based intrusion detection using RBF neural networks. In International Conference on Emerging Technologies, 2009 (ICET’09). IEEE, 48--51.

[4]

Suaad Alarifi and Stephen Wolthusen. 2013. Anomaly detection for ephemeral cloud IaaS virtual machines. In International Conference on Network and System Security. Springer, 321--335.

[5]

Suaad S. Alarifi and Stephen D. Wolthusen. 2012. Detecting anomalies in IaaS environments through virtual machine host system call analysis. In 2012 International Conference for Internet Technology And Secured Transactions. IEEE, 211--218.

[6]

AlienVault. 2018. Host-based Intrusion Detection System. Retrieved from https://www.alienvault.com/solutions/host-intrusion-detection-system.

[7]

Mohammed A. Ambusaidi, Xiangjian He, Priyadarsi Nanda, and Zhiyuan Tan. 2016. Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Transactions on Computers 65, 10 (2016), 2986--2998.

Digital Library

[8]

Austin Appleby. 2017. Murmurhash. Retrieved from https://sites.google.com/site/murmurhash/.

[9]

Junaid Arshad, Paul Townend, and Jie Xu. 2013. A novel intrusion severity analysis approach for clouds. Future Generation Computer Systems 29, 1 (2013), 416--428.

Digital Library

[10]

Chandrashekhar Azad and Vijay Kumar Jha. 2013. Data mining in intrusion detection: A comparative study of methods, types and data sets. International Journal of Information Technology and Computer Science (IJITCS) 5, 8 (2013), 75.

[11]

Sean Barnum. 2012. Standardizing cyber threat intelligence information with the structured threat information eXpression (STIX). MITRE Corporation 11 (2012), 1--22.

[12]

VMware Knowledge Base. 2017. esxtop. Retrieved from https://kb.vmware.com/selfservice/microsites/search.do?language=en_US8cmd=displayKC&externalId===1008205.

[13]

Thomas Bläsing, Leonid Batyuk, Aubrey-Derrick Schmidt, Seyit Ahmet Camtepe, and Sahin Albayrak. 2010. An Android application sandbox system for suspicious software detection. In 2010 5th International Conference on Malicious and Unwanted Software (MALWARE’10). IEEE, 55--62.

[14]

Andrei Broder and Michael Mitzenmacher. 2004. Network applications of bloom filters: A survey. Internet Mathematics 1, 4 (2004), 485--509.

[15]

Bsd. 2017. Kernel Virtual Machine. Retrieved from http://www.linux-kvm.org/page/Main_Page.

[16]

Iker Burguera, Urko Zurutuza, and Simin Nadjm-Tehrani. 2011. Crowdroid: Behavior-based malware detection system for android. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 15--26.

Digital Library

[17]

Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, and Engin Kirda. 2012. A quantitative study of accuracy in system call-based malware detection. In Proceedings of the 2012 International Symposium on Software Testing and Analysis. ACM, 122--132.

Digital Library

[18]

Varun Chandola, Arindam Banerjee, and Vipin Kumar. 2009. Anomaly detection. Computer Surveys 41, 3 (2009), 1--58.

Digital Library

[19]

Varun Chandola, Arindam Banerjee, and Vipin Kumar. 2012. Anomaly detection for discrete sequences: A survey. IEEE Transactions on Knowledge and Data Engineering 24, 5 (2012), 823--839.

Digital Library

[20]

Qiuwen Chen, Ryan Luley, Qing Wu, Morgan Bishop, Richard W. Linderman, and Qinru Qiu. 2018. AnRAD: A neuromorphic anomaly detection framework for massive concurrent data streams. IEEE Transactions on Neural Networks and Learning Systems 29, 5 (2018), 1622--1636.

[21]

Qiuwen Chen, Qing Wu, Morgan Bishop, Richard Linderman, and Qinru Qiu. 2015. Self-structured confabulation network for fast anomaly detection and reasoning. In 2015 International Joint Conference on Neural Networks (IJCNN’15). IEEE, 1--8.

[22]

The MITRE Corporation. 2017. Common Vulnerabilities and Exposures. Retrieved from https://cve.mitre.org/.

[23]

Gideon Creech. 2014. Developing a High-Accuracy Cross Platform Host-Based Intrusion Detection System Capable of Reliably Detecting Zero-Day Attacks. Ph.D. Dissertation. PhD thesis, University of New South Wales.

[24]

Gideon Creech and Jiankun Hu. 2013. Generation of a new IDS test dataset: Time to retire the KDD collection. In 2013 IEEE Wireless Communications and Networking Conference (WCNC’13). IEEE, 4487--4492.

[25]

Gideon Creech and Jiankun Hu. 2014. A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns. IEEE Transactions on Computers 63, 4 (2014), 807--819.

Digital Library

[26]

Sanjeev Das, Yang Liu, Wei Zhang, and Mahintham Chandramohan. 2016. Semantics-based online malware detection: Towards efficient real-time protection against malware. IEEE Transactions on Information Forensics and Security 11, 2 (2016), 289--302.

Digital Library

[27]

Jesse Davis and Mark Goadrich. 2006. The relationship between precision-recall and ROC curves. In Proceedings of the 23rd International Conference on Machine Learning. ACM, 233--240.

Digital Library

[28]

Richard I. A. Davis, Brian C. Lovell, and Terry Caelli. 2002. Improved estimation of hidden Markov model parameters from multiple observation sequences. In Proceedings of the 16th International Conference on Pattern Recognition, 2002. Vol. 2. IEEE, 168--171.

[29]

Huwaida Tagelsir Elshoush and Izzeldin Mohamed Osman. 2011. Alert correlation in collaborative intelligent intrusion detection systems-A survey. Applied Soft Computing 11, 7 (2011), 4349--4365.

Digital Library

[30]

Ali Feizollah, Nor Badrul Anuar, Rosli Salleh, and Ainuddin Wahid Abdul Wahab. 2015. A review on feature selection in mobile malware detection. Digital Investigation 13 (2015), 22--37.

Digital Library

[31]

Stephen Feldman, Dillon Stadther, and Bing Wang. 2014. Manilyzer: Automated android malware detection through manifest analysis. In 2014 IEEE 11th International Conference on Mobile Ad Hoc and Sensor Systems (MASS’14). IEEE, 767--772.

Digital Library

[32]

Shai Fine, Yoram Singer, and Naftali Tishby. 1998. The hierarchical hidden Markov model: Analysis and applications. Machine Learning 32, 1 (1998), 41--62.

Digital Library

[33]

Stephanie Forrest, Steven Hofmeyr, and Anil Somayaji. 2008. The evolution of system-call monitoring. In Annual Computer Security Applications Conference, 2008 (ACSAC’08). IEEE, 418--430.

Digital Library

[34]

Stephanie Forrest, Steven A. Hofmeyr, Aniln Somayaji, and Thomas A. Longstaff. 1996. A sense of self for unix processes. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996. IEEE, 120--128.

Digital Library

[35]

Alluxio Open Foundation. 2017. Alluxio. Retrieved from http://www.alluxio.org/.

[36]

Apache Software Foundation. 2017. Apache Hadoop YARN. Retrieved from https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/YARN.html.

[37]

Apache Software Foundation. 2017. Apache Kafka a distributed streaming platform. Retrieved from https://kafka.apache.org/.

[38]

The Apache Software Foundation. 2017. Apache Flume. Retrieved from https://flume.apache.org/.

[39]

The Apache Software Foundation. 2018. Spark. Retrieved from http://spark.apache.org/.

[40]

Anup K. Ghosh, Aaron Schwartzbard, and Michael Schatz. 1999. Learning program behavior profiles for intrusion detection. In Workshop on Intrusion Detection and Network Monitoring, Vol. 51462. 1--13.

Digital Library

[41]

Sebastien Godard. 2017. mpstat. Retrieved from http://linuxcommand.org/man_pages/mpstat1.html.

[42]

Ye Gu, Weihua Sheng, Yongsheng Ou, Meiqin Liu, and Senlin Zhang. 2013. Human action recognition with contextual constraints using a RGB-D sensor. In 2013 IEEE International Conference on Robotics and Biomimetics (ROBIO’13). IEEE, 674--679.

[43]

Sanchika Gupta and Padam Kumar. 2015. An immediate system call sequence based approach for detecting malicious program executions in cloud environment. Wireless Personal Communications 81, 1 (2015), 405--425.

Digital Library

[44]

Waqas Haider, Gideon Creech, Yi Xie, and Jiankun Hu. 2016. Windows based data sets for evaluation of robustness of host based intrusion detection systems (IDS) to zero-day and stealth attacks. Future Internet 8, 3 (2016), 29.

[45]

Waqas Haider, Jiankun Hu, Jill Slay, Benjamin Turnbull, and Yi Xie. 2017. Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling. Journal of Network and Computer Applications 87, C (2017), 185--192.

Digital Library

[46]

Waqas Haider, Jiankun Hu, and Miao Xie. 2015. Towards reliable data feature retrieval and decision engine in host-based anomaly detection systems. In 2015 IEEE 10th Conference on Industrial Electronics and Applications (ICIEA’15). IEEE, 513--517.

[47]

Waqas Haider, Jiankun Hu, Yi Xie, Xinghuo Yu, and Qianhong Wu. 2017. Detecting anomalous behavior in cloud servers by nested arc hidden SEMI-Markov model with state summarization. IEEE Transactions on Big Data (2017).

[48]

Waqas Haider, Jiankun Hu, Xinghuo Yu, and Yi Xie. 2015. Integer data zero-watermark assisted system calls abstraction and normalization for host based anomaly detection systems. In 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing (CSCloud’15). IEEE, 349--355.

Digital Library

[49]

Fabian Frederick Henry Ware. 2017. vmstat. Retrieved from http://www.linuxcommand.org/man_pages/vmstat8.html.

[50]

Xuan Dau Hoang, Jiankun Hu, and Peter Bertok. 2003. A multi-layer model for anomaly intrusion detection using program sequences of system calls. In The 11th IEEE International Conference on Networks, 2003 (ICON’03). Citeseer.

[51]

Xuan Dau Hoang, Jiankun Hu, and Peter Bertok. 2009. A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference. Journal of Network and Computer Applications 32, 6 (2009), 1219--1228.

Digital Library

[52]

Sepp Hochreiter and Jürgen Schmidhuber. 1997. Long short-term memory. Neural Computation 9, 8 (1997), 1735--1780.

Digital Library

[53]

Steven A. Hofmeyr, Stephanie Forrest, and Anil Somayaji. 1998. Intrusion detection using sequences of system calls. Journal of Computer Security 6, 3 (1998), 151--180.

[54]

Jiankun Hu. 2010. Host-based anomaly intrusion detection. Handbook of Information and Communication Security (2010), 235--255.

[55]

Jiankun Hu, Xinghuo Yu, Dong Qiu, and Hsiao-Hwa Chen. 2009. A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection. IEEE Network 23, 1 (2009), 42--47.

Digital Library

[56]

Guang-Bin Huang, Qin-Yu Zhu, and Chee-Kheong Siew. 2006. Extreme learning machine: Theory and applications. Neurocomputing 70, 1 (2006), 489--501.

[57]

Ixia. 2017. PerfectStorm. Retrieved from https://www.ixiacom.com/products/perfectstorm.

[58]

Gaya K. Jayasinghe, J. Shane Culpepper, and Peter Bertok. 2014. Efficient and effective realtime prediction of drive-by download attacks. Journal of Network and Computer Applications 38 (2014), 135--149.

Digital Library

[59]

Yangqing Jia, Evan Shelhamer, Jeff Donahue, Sergey Karayev, Jonathan Long, Ross Girshick, Sergio Guadarrama, and Trevor Darrell. 2014. Caffe: Convolutional architecture for fast feature embedding. In Proceedings of the 22nd ACM International Conference on Multimedia. ACM, 675--678.

Digital Library

[60]

Guofei Jiang, Haifeng Chen, Cristian Ungureanu, and Kenji Yoshihira. 2007. Multiresolution abnormal trace detection using varied-length n-grams and automata. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 37, 1 (2007), 86--97.

Digital Library

[61]

Panos Kampanakis. 2014. Security automation and threat information-sharing options. IEEE Security 8 Privacy 12, 5 (2014), 42--51.

[62]

Parmeet Kaur and Shikha Mehta. 2017. Resource provisioning and work flow scheduling in clouds using augmented shuffled frog leaping algorithm. Journal of Parallel and Distributed Computing 101 (2017), 41--50.

Digital Library

[63]

W. Khreich, E. Granger, R. Sabourin, and A. Miri. 2009. Combining hidden Markov models for improved anomaly detection. In IEEE International Conference on Communications. 1--6.

Digital Library

[64]

Wael Khreich, Syed Shariyar Murtaza, Abdelwahab Hamou-Lhadj, and Chamseddine Talhi. 2017. Combining heterogeneous anomaly detectors for improved software security. Journal of Systems and Software 137 (2018), 415--429.

[65]

Andrea Kovács and Tamás Szirányi. 2013. Improved harris feature point set for orientation-sensitive urban-area detection in aerial images. IEEE Geoscience and Remote Sensing Letters 10, 4 (2013), 796--800.

[66]

Manish Kulariya, Priyanka Saraf, Raushan Ranjan, and Govind P. Gupta. 2016. Performance analysis of network intrusion detection schemes using Apache Spark. In 2016 International Conference on Communication and Signal Processing (ICCSP’16). IEEE, 1973--1977.

[67]

Aron Laszka, Waseem Abbas, S. Shankar Sastry, Yevgeniy Vorobeychik, and Xenofon Koutsoukos. 2016. Optimal thresholds for intrusion detection systems. In Proceedings of the Symposium and Bootcamp on the Science of Security. ACM, 72--81.

Digital Library

[68]

Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. 2015. Deep learning. Nature 521, 7553 (2015), 436--444.

[69]

Wenke Lee and Salvatore J. Stolfo. 1998. Data mining approaches for intrusion detection. In Usenix Security.

Digital Library

[70]

Wenke Lee, Salvatore J. Stolfo, and Philip K. Chan. 1996. Learning patterns from unix process execution traces for intrusion detection. In AAAI Workshop on AI Approaches to Fraud Detection and Risk Management. 50--56.

[71]

Wenke Lee and Dong Xiang. 2001. Information-theoretic measures for anomaly detection. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, 2001 (S&P’’’01). IEEE, 130--143.

Digital Library

[72]

Yihua Liao and V. Rao Vemuri. 2002. Using text categorization techniques for intrusion detection. In USENIX Security Symposium, Vol. 12. 51--59.

Digital Library

[73]

Peter Lichodzijewski, A. Nur Zincir-Heywood, and Malcolm I. Heywood. 2002. Host-based intrusion detection using self-organizing maps. In IEEE International Joint Conference on Neural Networks. 1714--1719.

[74]

Federico Maggi, Matteo Matteucci, and Stefano Zanero. 2010. Detecting intrusions through system call sequence and argument analysis. IEEE Transactions on Dependable and Secure Computing 7, 4 (2010), 381--395.

Digital Library

[75]

Matthew V. Mahoney and Philip K. Chan. 2003. An analysis of the 1999 DARPA/lincoln laboratory evaluation data for network anomaly detection. In International Workshop on Recent Advances in Intrusion Detection. Springer, 220--237.

[76]

Matthew V. Mahoney and Philip K. Chan. 2003. Learning rules for anomaly detection of hostile network traffic. In 3rd IEEE International Conference on Data Mining, 2003 (ICDM’03). IEEE, 601.

Digital Library

[77]

McAfee. 2018. McAfee Host Intrusion Prevention for Desktop. Retrieved from https://www.mcafee.com/uk/products/host-ips-for-desktop.aspx.

[78]

John McHugh. 2000. Testing intrusion detection systems: A critique of the 1998 and 1999 Darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Transactions on Information and System Security (TISSEC) 3, 4 (2000), 262--294.

Digital Library

[79]

Xiangrui Meng, Joseph Bradley, Burak Yavuz, Evan Sparks, Shivaram Venkataraman, Davies Liu, Jeremy Freeman, DB Tsai, Manish Amde, Sean Owen, Doris Xin, Reynold Xin, Michael J. Franklin, Reza Zadeh, Matei Zaharia, and Ameet Talwalkar. 2016. Mllib: Machine learning in apache spark. Journal of Machine Learning Research 17, 34 (2016), 1--7.

Digital Library

[80]

Enza Messina and Daniele Toscani. 2008. Hidden Markov models for scenario generation. Ima Journal of Management Mathematics 19, 4 (2008), 379--401(23).

[81]

Aleksandar Milenkoski, Marco Vieira, Samuel Kounev, Alberto Avritzer, and Bryan D. Payne. 2015. Evaluating computer intrusion detection systems: A survey of common practices. ACM Computing Surveys (CSUR) 48, 1 (2015), 12.

Digital Library

[82]

Philipp Moritz, Robert Nishihara, Ion Stoica, and Michael I. Jordan. 2015. Sparknet: Training deep networks in spark. arXiv Preprint arXiv:1511.06051 (2015).

[83]

Syed Shariyar Murtaza, Abdelwahab Hamou-Lhadj, Wael Khreich, and Mario Couture. 2014. Total ADS: Automated software anomaly detection system. In 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation (SCAM’14). IEEE, 83--88.

Digital Library

[84]

Syed Shariyar Murtaza, Wael Khreich, Abdelwahab Hamou-Lhadj, and Mario Couture. 2013. A host-based anomaly detection approach by representing system calls as states of kernel modules. In 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE’13). IEEE, 431--440.

[85]

Syed Shariyar Murtaza, Wael Khreich, Abdelwahab Hamou-Lhadj, and Stephane Gagnon. 2015. A trace abstraction approach for host-based anomaly detection. In 2015 IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA’15). IEEE, 1--8.

[86]

Seyyedeh Atefeh Musavi and Mehdi Kharrazi. 2014. Back to static analysis for kernel-level rootkit detection. IEEE Transactions on Information Forensics and Security 9, 9 (2014), 1465--1476.

Digital Library

[87]

Darren Mutz, Fredrik Valeur, Giovanni Vigna, and Christopher Kruegel. 2006. Anomalous system call detection. ACM Transactions on Information and System Security (TISSEC) 9, 1 (2006), 61--93.

Digital Library

[88]

Mohammad Nauman, Nouman Azam, and JingTao Yao. 2016. A three-way decision making approach to malware analysis using probabilistic rough sets. Information Sciences 374 (2016), 193--209.

Digital Library

[89]

University of New Mexico. 2017. Sequence-Based Intrusion Detection. Retrieved from http://www.cs.unm.edu/ immsec/systemcalls.htm.

[90]

OSSIM. 2018. AlienVault OSSIM: The World’s Most Widely Used Open Source SIEM. Retrieved from https://www.alienvault.com/products/ossim.

[91]

Pingbo Pan, Zhongwen Xu, Yi Yang, Fei Wu, and Yueting Zhuang. 2015. Hierarchical recurrent neural encoder for video representation with application to captioning. arXiv Preprint arXiv:1511.03476 (2015).

[92]

Jonas Pfoh, Christian Schneider, and Claudia Eckert. 2011. Nitro: Hardware-based system call tracing for virtual machines. In International Workshop on Security. Springer, 96--112.

Digital Library

[93]

Yan Qiao, X. W. Xin, Yang Bin, and S. Ge. 2002. Anomaly intrusion detection method based on HMM. Electronics Letters 38, 13 (2002), 1.

[94]

Lawrence R. Rabiner. 1989. A tutorial on hidden Markov models and selected applications in speech recognition. Proceedings of the IEEE 77, 2 (1989), 257--286.

[95]

Rapid7. 2017. Metasploit. Retrieved from https://www.metasploit.com/.

[96]

Konstantin Shvachko, Hairong Kuang, Sanjay Radia, and Robert Chansler. 2010. The Hadoop distributed file system. In 2010 IEEE 26th Symposium on Mass Storage Systems and Technologies (MSST’10). IEEE, 1--10.

Digital Library

[97]

Mohiuddin Solaimani, Mohammed Iftekhar, Latifur Khan, and Bhavani Thuraisingham. 2014. Statistical technique for online anomaly detection using spark over heterogeneous data from multi-source VMware performance data. In 2014 IEEE International Conference on Big Data (Big Data’14). IEEE, 1086--1094.

[98]

Mohiuddin Solaimani, Mohammed Iftekhar, Latifur Khan, Bhavani Thuraisingham, Joe Ingram, and Sadi Evren Seker. 2016. Online anomaly detection for multi-source VMware using a distributed streaming framework. Software: Practice and Experience 46, 11 (2016), 1479--1497.

Digital Library

[99]

Robin Sommer and Vern Paxson. 2010. Outside the closed world: On using machine learning for network intrusion detection. In 2010 IEEE Symposium on Security and Privacy. IEEE, 305--316.

Digital Library

[100]

Xin Su, M. Chuah, and Gang Tan. 2012. Smartphone dual defense protection framework: Detecting malicious applications in android markets. In 2012 8th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN’12). IEEE, 153--160.

Digital Library

[101]

Michio Sugeno and Takahiro Yasukawa. 1993. A fuzzy-logic-based approach to qualitative modeling. IEEE Transactions on Fuzzy Systems 1, 1 (1993), 7--31.

Digital Library

[102]

Kymie M. C. Tan and Roy A. Maxion. 2002. “Why 6?” Defining the operational limits of Stide, an anomaly-based intrusion detector. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002. IEEE, 188--201.

Digital Library

[103]

Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, and Ren Ping Liu. 2014. A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE Transactions on Parallel and Distributed Systems 25, 2 (2014), 447--456.

Digital Library

[104]

Zhiyuan Tan, Aruna Jamdagni, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu, and Jiankun Hu. 2015. Detection of denial-of-service attacks based on computer vision techniques. IEEE Transactions on Computers 64, 9 (2015), 2519--2533.

Digital Library

[105]

Zhiyuan Tan, Upasana T. Nagar, Xiangjian He, Priyadarsi Nanda, Ren Ping Liu, Song Wang, and Jiankun Hu. 2014. Enhancing big data security with collaborative intrusion detection. IEEE Cloud Computing 1, 3 (2014), 27--33.

[106]

Gaurav Tandon. 2008. Machine Learning for Host-Based Anomaly Detection. Thesis.

Digital Library

[107]

OSSEC Project Team. 2017. OSSEC Open Source HIDS SECurity. Retrieved from http://ossec.github.io/.

[108]

Julien Thomas, Cédric Rose, and François Charpillet. 2006. A multi-HMM approach to ECG segmentation. In 18th IEEE International Conference on Tools with Artificial Intelligence, 2006 (ICTAI’06). IEEE, 609--616.

Digital Library

[109]

Emmanouil Vasilomanolakis, Shankar Karuppayah, Max Muhlhauser, and Mathias Fischer. 2015. Taxonomy and survey of collaborative intrusion detection. ACM Computing Surveys (CSUR) 47, 4 (2015), 55.

Digital Library

[110]

vmware. 2017. vSphere Guest SDK. Retrieved from https://www.vmware.com/support/developer/guest-sdk/.

[111]

David Wagner and Paolo Soto. 2002. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM, 255--264.

Digital Library

[112]

Rasna Rani Walia. 2014. Sequence-based prediction of RNA-protein interactions. Dissertations and Theses - Gradworks (2014).

[113]

Ke Wang, Janak J. Parekh, and Salvatore J. Stolfo. 2006. Anagram: A content anomaly detector resistant to mimicry attack. In International Workshop on Recent Advances in Intrusion Detection, 2006. Springer, 226--248.

Digital Library

[114]

Christina Warrender, Stephanie Forrest, and Barak Pearlmutter. 1999. Detecting intrusions using system calls: Alternative data models. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999. IEEE, 133--145.

[115]

Michael R. Watson, Angelos K. Marnerides, Andreas Mauthe, and David Hutchison. 2016. Malware detection in cloud computing infrastructures. IEEE Transactions on Dependable and Secure Computing 13, 2 (2016), 192--205.

Digital Library

[116]

Xi Xiao, Zhenlong Wang, Qi Li, Qing Li, and Yong Jiang. 2015. ANNs on co-occurrence matrices for mobile malware detection. KSII Transactions on Internet and Information Systems (TIIS) 9, 7 (2015), 2736--2754.

[117]

Miao Xie and Jiankun Hu. 2013. Evaluating host-based anomaly detection systems: A preliminary analysis of ADFA-LD. In 2013 6th International Congress on Image and Signal Processing (CISP’13), Vol. 3. IEEE, 1711--1716.

[118]

Miao Xie, Jiankun Hu, and Jill Slay. 2014. Evaluating host-based anomaly detection systems: Application of the one-class SVM algorithm to ADFA-LD. In 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD’14). IEEE, 978--982.

[119]

Miao Xie, Jiankun Hu, Xinghuo Yu, and Elizabeth Chang. 2014. Evaluating host-based anomaly detection systems: Application of the frequency-based algorithms to ADFA-LA. In International Conference on Network and System Security. Springer, 542--549.

[120]

Kelvin Xu, Jimmy Ba, Ryan Kiros, Kyunghyun Cho, Aaron Courville, Ruslan Salakhutdinov, Richard S. Zemel, and Yoshua Bengio. 2015. Show, attend and tell: Neural image caption generation with visual attention. arXiv Preprint arXiv:1502.03044 2, 3 (2015), 5.

[121]

Lifan Xu, Dongping Zhang, Marco A. Alvarez, Jose Andre Morales, Xudong Ma, and John Cavazos. 2016. Dynamic android malware classification using graph-based representations. In 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud’16). IEEE, 220--231.

[122]

Chi Yang and Jinjun Chen. 2017. A scalable data chunk similarity based compression approach for efficient big sensing data processing on cloud. IEEE Transactions on Knowledge and Data Engineering 29, 6 (2017), 1144--1157.

Digital Library

[123]

Chi Yang, Chang Liu, Xuyun Zhang, Surya Nepal, and Jinjun Chen. 2015. A time efficient approach for detecting errors in big sensor data on cloud. IEEE Transactions on Parallel and Distributed Systems 26, 2 (2015), 329--339.

Digital Library

[124]

Chi Yang, Deepak Puthal, Saraju P. Mohanty, and Elias Kougianos. 2017. Big-sensing-data curation for the cloud is coming: A promise of scalable cloud-data-center mitigation for next-generation IoT and wireless sensor networks. IEEE Consumer Electronics Magazine 6, 4 (2017), 48--56.

[125]

Chi Yang, Xuyun Zhang, Changmin Zhong, Chang Liu, Jian Pei, Kotagiri Ramamohanarao, and Jinjun Chen. 2014. A spatiotemporal compression based approach for efficient big data processing on cloud. Journal of Computer and System Sciences 80, 8 (2014), 1563--1583.

Digital Library

[126]

Zhilin Yang, Ye Yuan, Yuexin Wu, Ruslan Salakhutdinov, and William W. Cohen. 2016. Encode, review, and decode: Reviewer module for caption generation. arXiv Preprint arXiv:1605.07912 (2016).

Digital Library

[127]

Qing Ye, Xiaoping Wu, and Bo Yan. 2010. An intrusion detection approach based on system call sequences and rules extraction. In 2010 2nd International Conference on E-business and Information System Security. IEEE, 1--4.

[128]

Dit-Yan Yeung and Yuxin Ding. 2003. Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognition 36, 1 (2003), 229--243.

[129]

Ding Yuxin, Yuan Xuebing, Zhou Di, Dong Li, and An Zhanchao. 2011. Feature representation and selection in malicious code detection methods based on static system calls. Computers 8 Security 30, 6 (2011), 514--524.

Digital Library

[130]

Matei Zaharia. 2016. An Architecture for Fast and General Data Processing on Large Clusters. Morgan 8 Claypool.

Digital Library

[131]

Matei Zaharia, Mosharaf Chowdhury, Tathagata Das, Ankur Dave, Justin Ma, Murphy McCauley, Michael J. Franklin, Scott Shenker, and Ion Stoica. 2012. Resilient distributed datasets: A fault-tolerant abstraction for in-memory cluster computing. In Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation. USENIX Association, 2--2.

Digital Library

[132]

Matei Zaharia, Tathagata Das, Haoyuan Li, Timothy Hunter, Scott Shenker, and Ion Stoica. 2013. Discretized streams: Fault-tolerant streaming computation at scale. In Proceedings of the 24th ACM Symposium on Operating Systems Principles. ACM, 423--438.

Digital Library

[133]

Xuyun Zhang, Wanchun Dou, Jian Pei, Surya Nepal, Chi Yang, Chang Liu, and Jinjun Chen. 2015. Proximity-aware local-recoding anonymization with mapreduce for scalable big data privacy preservation in cloud. IEEE Transactions on Computers 64, 8 (2015), 2293--2307.

Digital Library

[134]

Xuyun Zhang, Chang Liu, Surya Nepal, Chi Yang, and Jinjun Chen. 2014. Privacy preservation over big data in cloud systems. In Security, Privacy and Trust in Cloud Systems. Springer, 239--257.

[135]

Xuyun Zhang, Chang Liu, Surya Nepal, Chi Yang, Wanchun Dou, and Jinjun Chen. 2014. A hybrid approach for scalable sub-tree anonymization over big data using MapReduce on cloud. Journal of Computer and System Sciences 80, 5 (2014), 1008--1020.

[136]

Xuyun Zhang, Laurence T. Yang, Chang Liu, and Jinjun Chen. 2014. A scalable two-phase top-down specialization approach for data anonymization using Mapreduce on cloud. IEEE Transactions on Parallel and Distributed Systems 25, 2 (2014), 363--373.

Digital Library

[137]

Richard Zuech, Taghi M. Khoshgoftaar, and Randall Wald. 2015. Intrusion detection and big heterogeneous data: A survey. Journal of Big Data 2, 1 (2015), 1.

Cited By

Kim YHong SPark SKim H(2025)Reinforcement Learning-Based Generative Security Framework for Host Intrusion DetectionIEEE Access10.1109/ACCESS.2025.353235313(15346-15362)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3532353
Kalpani NRodrigo NSeneviratne DAriyadasa SSenanayake J(2025)Cutting-edge approaches in intrusion detection systems: a systematic review of deep learning, reinforcement learning, and ensemble techniquesIran Journal of Computer Science10.1007/s42044-025-00246-8Online publication date: 5-Mar-2025
https://doi.org/10.1007/s42044-025-00246-8
Dong HKotenko I(2025)Cybersecurity in the AI era: analyzing the impact of machine learning on intrusion detectionKnowledge and Information Systems10.1007/s10115-025-02366-wOnline publication date: 19-Feb-2025
https://doi.org/10.1007/s10115-025-02366-w
Show More Cited By

Index Terms

Host-Based Intrusion Detection System with System Calls: Review and Future Trends
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems
      1. Artificial immune systems

Recommendations

The Design and Implementation of Host-Based Intrusion Detection System
IITSI '10: Proceedings of the 2010 Third International Symposium on Intelligent Information Technology and Security Informatics

Intrusion detection is the process of identifying and responding to suspicious activities targeted at computing and communication resources, and it has become the mainstream of information assurance as the dramatic increase in the number of attacks. ...
Intrusion Detection System: A Comparative Study of Machine Learning-Based IDS

The use of encrypted data, the diversity of new protocols, and the surge in the number of malicious activities worldwide have posed new challenges for intrusion detection systems (IDS). In this scenario, existing signature-based IDS are not performing ...
Intrusion detection system in cloud computing environment
ICWET '11: Proceedings of the International Conference & Workshop on Emerging Trends in Technology

In recent years, with the growing popularity of cloud computing, security in cloud has become an important issue. As "Prevention is better than cure", detecting and blocking an attack is better than responding to an attack after a system has been ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 51, Issue 5

September 2019

791 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3271482

Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 November 2018

Accepted: 01 April 2018

Revised: 01 April 2018

Received: 01 July 2017

Published in CSUR Volume 51, Issue 5

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Research
Refereed

Funding Sources

China Scholarship Council

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

93
Total Citations
View Citations
3,760
Total Downloads

Downloads (Last 12 months)402
Downloads (Last 6 weeks)52

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kim YHong SPark SKim H(2025)Reinforcement Learning-Based Generative Security Framework for Host Intrusion DetectionIEEE Access10.1109/ACCESS.2025.353235313(15346-15362)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3532353
Kalpani NRodrigo NSeneviratne DAriyadasa SSenanayake J(2025)Cutting-edge approaches in intrusion detection systems: a systematic review of deep learning, reinforcement learning, and ensemble techniquesIran Journal of Computer Science10.1007/s42044-025-00246-8Online publication date: 5-Mar-2025
https://doi.org/10.1007/s42044-025-00246-8
Dong HKotenko I(2025)Cybersecurity in the AI era: analyzing the impact of machine learning on intrusion detectionKnowledge and Information Systems10.1007/s10115-025-02366-wOnline publication date: 19-Feb-2025
https://doi.org/10.1007/s10115-025-02366-w
Parhizkari S(2024)Anomaly Detection in Intrusion Detection SystemsAnomaly Detection - Recent Advances, AI and ML Perspectives and Applications10.5772/intechopen.112733Online publication date: 17-Jan-2024
https://doi.org/10.5772/intechopen.112733
Rajendran RMohana Priya TWilfred Blessing N(2024)AI Solutions for Complex Communication Network ChallengesAI for Large Scale Communication Networks10.4018/979-8-3693-6552-6.ch003(45-58)Online publication date: 25-Oct-2024
https://doi.org/10.4018/979-8-3693-6552-6.ch003
Agarwal MSarden DRamesh SSingh R(2024)Endpoint Controls Through a Lens of PCI DSSAdvances in Enterprise Technology Risk Assessment10.4018/979-8-3693-4211-4.ch009(245-282)Online publication date: 18-Oct-2024
https://doi.org/10.4018/979-8-3693-4211-4.ch009
Tunde-Onadele OLin YGu XHe JLatapie H(2024)Self-Supervised Machine Learning Framework for Online Container Security Attack DetectionACM Transactions on Autonomous and Adaptive Systems10.1145/366579519:3(1-28)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3665795
He JTang CLi WLi TChen LLan X(2024)BR-HIDF: An Anti-Sparsity and Effective Host Intrusion Detection Framework Based on Multi-Granularity Feature ExtractionIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332438819(485-499)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2023.3324388
Huang ZTang XLi HCao XCheng JTu WLiu L(2024)TabSec: A Collaborative Framework for Novel Insider Threat Detection2024 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA)10.1109/ISPA63168.2024.00277(2030-2037)Online publication date: 30-Oct-2024
https://doi.org/10.1109/ISPA63168.2024.00277
Frasão AHeinrich TFulber-Garcia VWill NObelheiro RMaziero C(2024)I See Syscalls by the Seashore: An Anomaly-based IDS for Containers Leveraging Sysdig Data2024 IEEE Symposium on Computers and Communications (ISCC)10.1109/ISCC61673.2024.10733595(1-6)Online publication date: 26-Jun-2024
https://doi.org/10.1109/ISCC61673.2024.10733595
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Issue’s Table of Contents