Intrusion Prediction and Detection with Deep Sequence Modeling

  • Conference paper
Security in Computing and Communications (SSCC 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1208))

Abstract

With the wide adoption of the internet and its applications in recent years, many antagonists have been exploiting information exchange for malicious activities. Intrusion detection and prevention systems are widely researched, and rightly so, being an integral part of network security. Adoption of IDSs and IPSs in networks has shown significant results, and research has expanded from software solutions to hardware-based solutions, promoting such defensive techniques even further. As with all recent computing trends, Machine Learning and Deep Learning techniques have become extremely prevalent in intrusion detection and prediction systems. There have been attempts to improve the state of the art, but none shows any significant improvement over current systems. Traditional systems alert the user after an intrusion has occurred; steps can then be taken to stop further expansion of the intrusion, but in most cases it is too late. To address this issue, this paper proposes system call prediction using Recurrent Neural Networks (RNNs) and Variational Autoencoding modelling techniques to predict sequences of system calls of a modern computer system. The proposed model uses the ADFA intrusion dataset to learn long-term sequences of system calls executed during an attack on a Linux-based web server. The model can effectively predict and classify sequences of system calls most likely to occur during known or unknown (zero-day) attacks.

Author information

Correspondence to Gaurav Sarraf.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

Cite this paper

Sarraf, G., Swetha, M.S. (2020). Intrusion Prediction and Detection with Deep Sequence Modeling. In: Thampi, S., Martinez Perez, G., Ko, R., Rawat, D. (eds) Security in Computing and Communications. SSCC 2019. Communications in Computer and Information Science, vol 1208. Springer, Singapore. https://doi.org/10.1007/978-981-15-4825-3_2

  • DOI: https://doi.org/10.1007/978-981-15-4825-3_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-4824-6

  • Online ISBN: 978-981-15-4825-3

  • eBook Packages: Computer Science (R0)
