Abstract
With the wide adoption of the internet and its applications in recent years, many antagonists have been exploiting information exchange for malicious activities. Intrusion detection and prevention systems are widely researched, and rightly so, being an integral part of network security. Adoption of IDSs and IPSs in networks has shown significant results, while research has expanded from software solutions to hardware-based solutions, promoting such defensive techniques even further. As with all recent computing trends, Machine Learning and Deep Learning techniques have become extremely prevalent in intrusion detection and prediction systems. There have been attempts to improve the state of the art, but none projects any significant improvement over current systems. Traditional systems alert the user after an intrusion has occurred; steps can then be taken to stop further expansion of the intrusion, but in most cases it is too late. To address this issue, this paper proposes system call prediction using Recurrent Neural Networks (RNNs) and Variational Autoencoding modelling techniques to predict sequences of system calls of a modern computer system. The proposed model makes use of the ADFA intrusion dataset to learn long-term sequences of system calls executed during an attack on a Linux-based web server. The model can effectively predict and classify sequences of system calls most likely to occur during known or unknown (zero-day) attacks.
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sarraf, G., Swetha, M.S. (2020). Intrusion Prediction and Detection with Deep Sequence Modeling. In: Thampi, S., Martinez Perez, G., Ko, R., Rawat, D. (eds) Security in Computing and Communications. SSCC 2019. Communications in Computer and Information Science, vol 1208. Springer, Singapore. https://doi.org/10.1007/978-981-15-4825-3_2
DOI: https://doi.org/10.1007/978-981-15-4825-3_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-4824-6
Online ISBN: 978-981-15-4825-3
eBook Packages: Computer Science (R0)