A Machine Learning Framework for Host Based Intrusion Detection using System Call Abstraction
The number of cyber threats is increasing faster than the number of defensive strategies deployed to tackle those threats. An automated Intrusion Detection System (IDS) has the capability to detect, classify, and predict cyber intrusions. To protect an individual host from low-footprint, new generation attacks, I propose a machine learning framework for Host-based Intrusion Detection using system call identifiers. I chose the ADFA-LD12 dataset to evaluate the framework. I developed a hybrid feature retrieval technique combining the Integer Data Zero Watermark method and Frequency-based System Call modeling. I applied dimensionality reduction techniques to represent the retrieved features in a lower-dimensional space. I finally trained several machine learning and neural network-based classifiers. I evaluated the efficiency of the proposed framework by comparing it with previously proposed approaches. Experimental results indicate that the proposed approach outperforms most of the existing methods in reducing the false alarm rate, increasing the detection rate, and reducing training time.