Computer Science, 2024, Vol. 51, Issue (10): 408-415. doi: 10.11896/jsjkx.230700014

• Information Security •

System Call Host Intrusion Detection Technology Based on Generative Adversarial Network

FAN Yi, HU Tao, YI Peng   

  1. Information Technology Institute,Information Engineering University,Zhengzhou 450002,China
  • Received: 2023-07-03  Revised: 2023-11-13  Online: 2024-10-15  Published: 2024-10-11
  • About author: FAN Yi, born in 1998, postgraduate. His main research interest is host anomaly detection.
    HU Tao, born in 1993, Ph.D, assistant researcher. His main research interests include new network architecture and active cyber defense.
  • Supported by:
    Key Science and Technology Project of Henan Province (221100240100) and Zhengzhou Key Science and Technology Innovation Project (2021KJZX0060-3).

Abstract: The system call information of a program is important data for detecting host anomalies, but the number of anomalies is relatively small, so the collected system call data often suffer from class imbalance. The lack of abnormal system call data prevents the detection model from fully learning the abnormal behavior pattern of the program, which leads to low accuracy and a high false positive rate in intrusion detection. To address this, a system call host intrusion detection method based on a generative adversarial network is proposed; it alleviates the data imbalance by augmenting the abnormal system call data. First, the system call trace of the program is split into fixed-length N-gram sequences. Second, SeqGAN is used to generate synthetic N-gram sequences from the N-gram sequences of the abnormal data. The generated abnormal data are combined with the original dataset to train the intrusion detection model. Experiments are carried out on the host system call dataset ADFA-LD and the Android system call dataset Drebin. Detection accuracy is 0.986 and 0.989 and the false positive rate is 0.011 and 0, respectively. Compared with existing intrusion detection methods based on a hybrid neural network model, WaveNet, Relaxed-SVM and RNN-VED, the proposed method achieves better detection performance than all of them.
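The pipeline the abstract describes (window each trace into fixed-length N-grams, generate synthetic abnormal N-grams from the real abnormal ones, merge them with the original data, train a detector and report accuracy and false positive rate), as an added worked example that is not the paper's code. The SeqGAN generator is replaced by a first-order Markov chain fitted on the abnormal N-grams; that substitution, the toy traces, the syscall numbers and the naive Bayes detector are all assumptions made for illustration, not material from the paper or from ADFA-LD/Drebin.

```python
"""Added worked example (not the paper's code): fixed-length N-gram windowing of
system-call traces, a Markov generator standing in for SeqGAN, a small supervised
detector, and the accuracy / false positive rate figures the abstract reports."""
import math
import random
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Sequence, Tuple

NGram = Tuple[int, ...]
# Constructed toy traces of x86 32-bit Linux syscall numbers (2=fork, 3=read, 4=write,
# 5=open, 6=close, 7=waitpid, 11=execve, 102=socketcall); not rows from ADFA-LD/Drebin.
NORMAL_TRACES = [
    [5, 3, 3, 4, 6, 5, 3, 4, 6, 5, 3, 3, 4, 6],
    [5, 3, 4, 6, 5, 3, 4, 6, 5, 3, 4, 6],
    [5, 3, 3, 3, 4, 4, 6, 5, 3, 4, 6],
    [5, 3, 4, 4, 6, 5, 3, 3, 4, 6],
]
ABNORMAL_TRACES = [[102, 2, 11, 7, 102, 2, 11, 7]]  # accept -> fork -> execve -> wait

def ngram_sequences(trace: Sequence[int], n: int, stride: int = 1) -> List[NGram]:
    """Step 1: slide a fixed-length window of n syscalls over one trace."""
    if n <= 0 or stride <= 0:
        raise ValueError("n and stride must be positive")
    return [tuple(trace[i:i + n]) for i in range(0, len(trace) - n + 1, stride)]

def build_dataset(normal, abnormal, n: int) -> Tuple[List[NGram], List[int]]:
    """Label 0 = normal, 1 = abnormal; every N-gram inherits its trace's label."""
    X, y = [], []
    for label, traces in ((0, normal), (1, abnormal)):
        grams = [g for t in traces for g in ngram_sequences(t, n)]
        X.extend(grams)
        y.extend([label] * len(grams))
    return X, y

class MarkovSeqGenerator:
    """Step 2 stand-in: first-order transition model fitted on the abnormal N-grams.
    Assumption: augmentation only needs a model that emits plausible abnormal
    N-grams of the same fixed length; the paper uses SeqGAN in this role."""
    def __init__(self, seqs: Iterable[NGram]):
        self.starts, self.trans = Counter(), defaultdict(Counter)
        for s in seqs:
            self.starts[s[0]] += 1
            for a, b in zip(s, s[1:]):
                self.trans[a][b] += 1

    @staticmethod
    def _draw(counter: Counter, rng: random.Random) -> int:
        keys, weights = zip(*counter.items())
        return rng.choices(keys, weights)[0]

    def sample(self, n: int, count: int, seed: int = 0) -> List[NGram]:
        rng, out = random.Random(seed), []
        for _ in range(count):
            seq = [self._draw(self.starts, rng)]
            while len(seq) < n:
                nxt = self.trans.get(seq[-1])  # .get() never creates a key
                seq.append(self._draw(nxt if nxt else self.starts, rng))
            out.append(tuple(seq))
        return out

class NaiveBayesNGram:
    """Multinomial naive Bayes over the syscalls in an N-gram; any supervised
    detector would do, this one is short enough to read in full."""
    def __init__(self, X: List[NGram], y: List[int], alpha: float = 1.0):
        self.alpha, self.vocab = alpha, {s for g in X for s in g}
        self.class_count = Counter(y)
        self.sys_count = {c: Counter() for c in self.class_count}
        for g, c in zip(X, y):
            self.sys_count[c].update(g)

    def predict(self, g: NGram) -> int:
        total, best, best_lp = sum(self.class_count.values()), 0, -math.inf
        for c, cnt in self.class_count.items():
            lp = math.log(cnt / total)
            denom = sum(self.sys_count[c].values()) + self.alpha * len(self.vocab)
            for s in g:  # Laplace smoothing: an unseen syscall cannot zero a class
                lp += math.log((self.sys_count[c][s] + self.alpha) / denom)
            if lp > best_lp:
                best, best_lp = c, lp
        return best

def evaluate(model: NaiveBayesNGram, X: List[NGram], y: List[int]) -> Dict[str, float]:
    """Accuracy = (TP+TN)/all, FPR = FP/(FP+TN): the two figures the abstract quotes."""
    tp = fp = tn = fn = 0
    for g, label in zip(X, y):
        p = model.predict(g)
        tp, fp = tp + (p == 1 and label == 1), fp + (p == 1 and label == 0)
        tn, fn = tn + (p == 0 and label == 0), fn + (p == 0 and label == 1)
    return {"accuracy": (tp + tn) / len(y), "fpr": fp / (fp + tn) if fp + tn else 0.0,
            "tp": tp, "fp": fp, "tn": tn, "fn": fn}

def run(n: int = 3, synthetic: int = 20) -> Dict[str, object]:
    """Whole pipeline: window -> generate abnormal N-grams -> merge -> train -> score."""
    X, y = build_dataset(NORMAL_TRACES, ABNORMAL_TRACES, n)
    gen = MarkovSeqGenerator(g for g, c in zip(X, y) if c == 1)
    fake = gen.sample(n, synthetic)
    X_aug, y_aug = X + fake, y + [1] * len(fake)
    return {"balance_before": dict(Counter(y)), "balance_after": dict(Counter(y_aug)),
            "metrics": evaluate(NaiveBayesNGram(X_aug, y_aug), X, y)}

if __name__ == "__main__":
    print(run())
```

Running the file prints the class balance before augmentation (39 normal versus 6 abnormal 3-grams on the toy traces), the balance after 20 synthetic N-grams are merged in, and the confusion-matrix figures. Two caveats a practitioner should keep in mind: the metrics here are computed on the training N-grams, whereas the paper's 0.986/0.989 accuracy and 0.011/0 false positive rates come from held-out ADFA-LD and Drebin data; and a Markov chain can only recombine transitions already present in the abnormal set, which is precisely the limitation a learned generator such as SeqGAN is meant to relax.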

Key words: Host intrusion detection, System call, Generative adversarial network, Deep learning, Data imbalance

CLC Number: TP309
[1]WONG S C,GATT A,STAMATESCU V,et al.Understanding Data Augmentation for Classification:When to Warp?[C]//2016 International Conference on Digital Image Computing:Techniques and Applications(DICTA).Gold Coast,Australia:IEEE,2016:1-6.
[2]ANABY-TAVOR A,CARMELI B,GOLDBRAICH E,et al.Not Enough Data? Deep Learning to the Rescue![C]//Proceedings of the AAAI Conference on Artificial Intelligence.2020:7383-7390.
[3]YU L,ZHANG W,WANG J,et al.SeqGAN:Sequence Generative Adversarial Nets with Policy Gradient[C]//Proceedings of the Thirty-First AAAI Conference on Artificial Intelligence.San Francisco,California,USA:AAAI Press,2017:2852-2858.
[4]LIU Y,OTT M,GOYAL N,et al.RoBERTa:A Robustly Optimized BERT Pretraining Approach[J].arXiv:1907.11692,2019.
[5]CREECH G,HU J.Generation of a new IDS test dataset:Time to retire the KDD collection[C]//2013 IEEE Wireless Communications and Networking Conference(WCNC).Shanghai,China:IEEE,2013:4487-4492.
[6]ARP D,SPREITZENBARTH M,HÜBNER M,et al.Drebin:Effective and Explainable Detection of Android Malware in Your Pocket[C]//Proceedings 2014 Network and Distributed System Security Symposium.San Diego,CA:Internet Society,2014:23-36.
[7]DIMJAŠEVIĆ M,ATZENI S,UGRINA I,et al.Evaluation of Android Malware Detection Based on System Calls[C]//Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics.New Orleans,Louisiana,USA:ACM,2016:1-8.
[8]CREECH G,HU J.A Semantic Approach to Host-Based Intrusion Detection Systems Using Contiguous and Discontiguous System Call Patterns[J].IEEE Transactions on Computers,2014,63(4):807-819.
[9]SALEM M,TAHERI S,YUAN J S.Anomaly Generation Using Generative Adversarial Networks in Host-Based Intrusion Detection[C]//2018 9th IEEE Annual Ubiquitous Computing,Electronics & Mobile Communication Conference(UEMCON).New York City,NY,USA:IEEE,2018:683-687.
[10]OSAMOR F,WELLMAN B.Deep Learning-based Hybrid Model for Efficient Anomaly Detection[J].International Journal of Advanced Computer Science and Applications,2022,13(4):975-979.
[11]RING J H,VAN OORT C M,DURST S,et al.Methods for Host-based Intrusion Detection with Deep Learning[J].Digital Threats:Research and Practice,2021,2(4):1-29.
[12]LIAO X,WANG C,CHEN W.Anomaly Detection of System Call Sequence Based on Dynamic Features and Relaxed-SVM[J].Security and Communication Networks,2022,2022:1-13.
[13]BOUZAR-BENLABIOD L,RUBIN S H,BELAIDI K,et al.RNN-VED for Reducing False Positive Alerts in Host-based Anomaly Detection Systems[C]//2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science(IRI).Las Vegas,NV,USA:IEEE,2020:17-24.
[14]YOLACAN E N,DY J G,KAELI D R.System Call Anomaly Detection Using Multi-HMMs[C]//2014 IEEE Eighth International Conference on Software Security and Reliability-Companion.San Francisco,CA,USA:IEEE,2014:25-30.
[15]SURATKAR S,KAZI F,GAIKWAD R,et al.Multi Hidden Markov Models for Improved Anomaly Detection Using System Call Analysis[C]//2019 IEEE Bombay Section Signature Conference(IBSSC).Mumbai,India:IEEE,2019:1-6.
[16]KIM G,YI H,LEE J,et al.LSTM-Based System-Call Language Modeling and Robust Ensemble Method for Designing Host-Based Intrusion Detection Systems[J].arXiv:1611.01726,2016.
[17]CHAWLA A,LEE B,FALLON S,et al.Host Based Intrusion Detection System with Combined CNN/RNN Model[C]//Joint European Conference on Machine Learning and Knowledge Discovery in Databases.Cham:Springer,2018:149-158.
[18]IACOVAZZI A,RAZA S.Ensemble of Random and Isolation Forests for Graph-Based Intrusion Detection in Containers[C]//2022 IEEE International Conference on Cyber Security and Resilience(CSR).Rhodes,Greece:IEEE,2022:30-37.
[19]LIU Z,JAPKOWICZ N,WANG R,et al.A statistical pattern based feature extraction method on system call traces for anomaly detection[J].Information and Software Technology,2020,126:106348.
[20]MURTAZA S S,KHREICH W,HAMOU-LHADJ A,et al.A trace abstraction approach for host-based anomaly detection[C]//2015 IEEE Symposium on Computational Intelligence for Security and Defense Applications(CISDA).Verona,NY,USA:IEEE,2015:1-8.
[21]VASWANI A,SHAZEER N,PARMAR N,et al.Attention is All You Need[C]//Proceedings of the 31st International Conference on Neural Information Processing Systems(NIPS'17).Curran Associates Inc.,2017:6000-6010.
[22]BRIDGES R A,GLASS-VANDERLAN T R,IANNACONE M D,et al.A Survey of Intrusion Detection Systems Leveraging Host Data[J].ACM Computing Surveys,2019,52(6):1-35.