Conference: IEEE International Conference on Electro Information Technology

Early Detection of Host-based Intrusions in Linux Environment


Abstract

Several research works on host-based intrusion detection systems (HIDSs) using the Australian Defence Force Academy Linux Dataset (ADFA-LD) have been carried out over the past few years, and different kinds of machine learning techniques have been applied to those HIDSs to improve detection performance, targeting high accuracy and a low false-alarm rate. However, less emphasis has been placed on the practical deployment of HIDSs for real-time intrusion detection. To address this limitation, we propose a machine-learning-based HIDS, using the same ADFA-LD dataset, that is able to perform early detection of intrusions. In the proposed HIDS, only a limited number of system calls, invoked by the applications early in their execution, are analyzed for intrusion detection. The experimental results show that it is possible to achieve detection performance similar to that of approaches that use all the system calls invoked during the full execution of applications.
