A Host-Based Intrusion Detection System

  • Prachi S. Deshpande
  • Subhash C. Sharma
  • Sateesh K. Peddoju
Part of the Studies in Big Data book series (SBD, volume 52)


A host-based intrusion detection system for Cloud environment is reported in this chapter along with its laboratory analysis. This module alerts the Cloud user against the malicious activities within the system by analysing the system call traces. It analyses only selective system call traces, the failed system call trace, rather than all. This module provides an early detection of the intrusion and works as the security to the infrastructure layer of the Cloud environment.


  1. 1.
    Sequeira, D.: Intrusion Prevention Systems-Security’s Silver Bullet? SANS Institute InfoSec Reading Room (2002). Available at: = 366.php\&cat = detection
  2. 2.
    Ludwig, S., Bauer, K.: Immune network algorithm applied to the optimization of composite SaaS in cloud computing. In: IEEE Congress on Evolutionary Computation, Sendai, Japan, pp. 3042–3048, May 2015Google Scholar
  3. 3.
    Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in Cloud. J. Netw. Comput. Appl. 36(1), 42–57 (2013)CrossRefGoogle Scholar
  4. 4.
    Anderson, J.: Computer Security Threat Monitoring and Surveillance, Technical report. Available at:
  5. 5.
    Denning, D.: An intrusion detection model. IEEE Trans. Software Eng. 13(2), 222–232 (1987)CrossRefGoogle Scholar
  6. 6.
    Lee, W., Stolfo, S., Chan, P.: Learning Patterns from UNIX Process Execution Traces for Intrusion Detection, pp. 50–56. AAAI Press, July 1997Google Scholar
  7. 7.
    Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusions using system calls: alternative data models. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA, pp. 133–145, May 1999Google Scholar
  8. 8.
    Payne, T., Edwards, P., Green, C.: Experience with rule induction and k-nearest neighbor methods for interface agents that learn. IEEE Trans. Knowl. Data Eng. 9(2), 329–335 (2002)CrossRefGoogle Scholar
  9. 9.
    Ghosh, A., Schwartzbard, A., Shatz, A.: Learning program behavior profiles for intrusion detection. In: Proceedings of Ist USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, USA, vol. 1, pp. 1–13, Apr 1999Google Scholar
  10. 10.
    Rawat, S., Gulati, V., Pujari, A., Vemuri, V.: Intrusion detection using text processing techniques with a binary-weighted cosine metric. J. Inf. Assur. Secur. 1, 43–50 (2007)Google Scholar
  11. 11.
    Forrest, S., Hofmeyr, A., Somayaji, A., Longsta, T.: A sense of self for Unix processes. In: IEEE Symposium on Security and Privacy, Oakland, CA, pp. 120–128, May 1996Google Scholar
  12. 12.
    Wespi, A., Dacier, M., Debar, H.: Intrusion detection using variable length audit trail patterns. Recent Adv. Intrusion Detect. 1907, 110–129 (2000)CrossRefGoogle Scholar
  13. 13.
    Tandon, G., Chan, P.: Learning useful system call attributes for anomaly detection. In: Proceedings of the 18th International Artificial Intelligence Research Society Conference, Florida, pp. 405–410 (2005)Google Scholar
  14. 14.
    Vokorokos, L., Balaz, A.: Host-based intrusion detection system. In: 14th International Conference on Intelligent Engineering Systems, Spain, pp. 43–47, May 2010Google Scholar
  15. 15.
    Barbhuiya, F., Biswas, S., Nandi, S.: An active host-based intrusion detection system for ARP-related attacks and its verification. Int. J. Netw. Secur. Appl. 3(3), 163–180 (2011)Google Scholar
  16. 16.
    Cai, L., Chen, J., Ke, Y., Chen, T., Li, Z.: A new data normalization method for unsupervised anomaly intrusion detection. J. Zhejiang Univ. Sci. C 11(10), 778–784 (2010)CrossRefGoogle Scholar
  17. 17.
    Doelitzscher, F., Reich, C., Knahl, M., Passfall, A., Clarke, N.: An agent based business aware incident detection system for cloud environments. J. Cloud Comput. Adv. Syst. Appl. 1(9), 1–19 (2012)Google Scholar
  18. 18.
    Htun, P., Khaing, K.: Important roles of data mining techniques for anomaly intrusion detection system. Int. J. Adv. Res. Comput. Eng. Technol. 2(5), 1850–1854 (2013)Google Scholar
  19. 19.
    KDD 99 datasets, The UCI KDD Archive, Irvine, CA, USA (1999). Available at:
  20. 20.
    Deshpande, P., Sharma, S., Peddoju, S.K.: Deploying a private cloud: go through the errors first. In: Proceedings of Conference on Advances in Communication and Control Systems, Deharadun, India, pp. 638–641, Apr 2013Google Scholar
  21. 21.
    Aggarwal, C., Zhai, C.: A survey of text classification algorithms. In: Mining Text Data, pp. 163–222 (2012)CrossRefGoogle Scholar
  22. 22.
    Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27(8), 861–874 (2006)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Deshpande, P., Sharma, S.C., Peddoju, S.K., et al.: HIDS: a host based intrusion detection system for cloud computing environment. Int. J. Syst. Assur. Eng. Manag. 9, 567 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Prachi S. Deshpande
    • 1
  • Subhash C. Sharma
    • 2
  • Sateesh K. Peddoju
    • 3
  1. 1.Department of Computer EngineeringDr. Babasaheb Ambedkar Technological UniversityLonereIndia
  2. 2.Indian Institute of Technology RoorkeeRoorkeeIndia
  3. 3.Indian Institute of Technology RoorkeeRoorkeeIndia

Personalised recommendations