A new approach of user-level intrusion detection with command sequence-to-sequence model

摘要

It is not foolproof for intrusion detection to focus only on the network level and the program level. Internal security and external security of information systems should be given equal attention. User-level intrusion detection can deter and curtail attackers from damaging information systems. Even if the mimic attacker has gained and enhanced the host user privileges that he illegally obtained. In this paper, a novel method based on recurrent neural networks (RNNs) is used to predict user command sequences and prophesy user behaviors. The experimental results show that our command sequence-to-sequence model is robust and effective for solving long sequential problem on three different data sets including Purdue University data set, SEA data set and self-collected data set.