| dc.contributor.author | Mažeika, Dalius | |
| dc.contributor.author | Ševiakovas, Elonas | |
| dc.date.accessioned | 2023-09-18T16:11:18Z | |
| dc.date.available | 2023-09-18T16:11:18Z | |
| dc.date.issued | 2021 | |
| dc.identifier.uri | https://etalpykla.vilniustech.lt/handle/123456789/112207 | |
| dc.description.abstract | Intrusion detection is a relevant field of information security, and different artificial intelligence methods are used to identify cyberattacks and anomalies in the networks and hosts. In this research, we address the problem of identifying host-level intrusion detection through time-series data analysis of user behavior. Data such as TCP/IP connections, size of transferred data, and running processes in the host were analyzed. A specialized tool was developed to build a dataset from Windows-based desktop by gathering data of Windows users' normal and abnormal behaviors. The following unauthorized actions as permission escalation, transferring of sensitive user data, SSH service launching, or session opening were treated as intruder activities. Gathered data was proceeded using MD5 feature hashing and normalized, applying min-max scaling or L2 norm depending on the data type. A deep learning approach using LSTM autoencoder was implemented for host intrusion detection. The model was trained until 100 epochs using a dataset collected during two days, while the third day’s data were used for model testing. Analysis of the resulting accuracy of the model was performed, and the highest accuracy of 78.57% was achieved when nine records grouped the data. Finally, results were compared with the public dataset ADFA-LD, and corresponding conclusions were made. | eng |
| dc.format | PDF | |
| dc.format.extent | p. 50 | |
| dc.format.medium | tekstas / txt | |
| dc.language.iso | eng | |
| dc.relation.ispartofseries | Vilnius University Proceedings vol. 17 2669-0233 | |
| dc.relation.isreferencedby | Dimensions | |
| dc.relation.isreferencedby | Scilit | |
| dc.source.uri | https://www.journals.vu.lt/proceedings/article/view/25028/24294 | |
| dc.source.uri | https://talpykla.elaba.lt/elaba-fedora/objects/elaba:113055067/datastreams/COVER/content | |
| dc.title | User behavior based host-level intrusion detection using deep neural network | |
| dc.type | Konferencijos pranešimo santrauka tarptautinėse DB / Conference presentation abstract in an international DB | |
| dcterms.accessRights | This is an Open Access article distributed under the terms of the Creative Commons Attribution Licence, which permits unrestricted use, distribution, and reproduction in anymedium, provided the original author and source are credited. | |
| dcterms.license | Creative Commons – Attribution – 4.0 International | |
| dcterms.references | 0 | |
| dc.type.pubtype | T1 - Konferencijos pranešimo tezės tarptautinėse DB / Conference presentation abstract in an international DB | |
| dc.contributor.institution | Vilniaus Gedimino technikos universitetas | |
| dc.contributor.faculty | Fundamentinių mokslų fakultetas / Faculty of Fundamental Sciences | |
| dc.subject.researchfield | T 007 - Informatikos inžinerija / Informatics engineering | |
| dc.subject.vgtuprioritizedfields | IK0101 - Informacijos ir informacinių technologijų sauga / Information and Information Technologies Security | |
| dc.subject.ltspecializations | L106 - Transportas, logistika ir informacinės ir ryšių technologijos (IRT) / Transport, logistic and information and communication technologies | |
| dc.subject.en | deep learning | |
| dc.subject.en | intrusion detection | |
| dc.subject.en | user behavior | |
| dcterms.sourcetitle | DAMSS: 12th conference on "Data analysis methods for software systems", Druskininkai, Lithuania, December 2–4, 2021 | |
| dc.publisher.name | Vilnius University Press | |
| dc.publisher.city | Vilnius | |
| dc.identifier.doi | 10.15388/DAMSS.12.2021 | |
| dc.identifier.elaba | 113055067 | |
