| dc.contributor.author | Čeponis, Dainius | |
| dc.contributor.author | Goranin, Nikolaj | |
| dc.date.accessioned | 2023-09-18T20:15:06Z | |
| dc.date.available | 2023-09-18T20:15:06Z | |
| dc.date.issued | 2019 | |
| dc.identifier.issn | 1939-0114 | |
| dc.identifier.uri | https://etalpykla.vilniustech.lt/handle/123456789/148207 | |
| dc.description.abstract | The increasing amount of malware and cyberattacks on a host level increases the need for a reliable anomaly-based host IDS (HIDS) that would be able to deal with zero-day attacks and would ensure low false alarm rate (FAR), which is critical for the detection of such activity. Deep learning methods such as convolutional neural networks (CNNs) and recurrent neural networks (RNNs) are considered to be highly suitable for solving data-driven security solutions. Therefore, it is necessary to perform the comparative analysis of such methods in order to evaluate their efficiency in attack classification as well as their ability to distinguish malicious and benign activity. In this article, we present the results achieved with the AWSCTD (attack-caused Windows OS system calls traces dataset), which can be considered as the most exhaustive set of host-level anomalies at the moment, including 112.56 million system calls from 12110 executable malware samples and 3145 benign software samples with 16.3 million system calls. The best results were obtained with CNNs with up to 90.0% accuracy for family classification and 95.0% accuracy for malicious/benign determination. RNNs demonstrated slightly inferior results. Furthermore, CNN tuning via an increase in the number of layers should make them practically applicable for host-level anomaly detection. | eng |
| dc.format | PDF | |
| dc.format.extent | p. 1-12 | |
| dc.format.medium | tekstas / txt | |
| dc.language.iso | eng | |
| dc.relation.isreferencedby | ACM Digital Library | |
| dc.relation.isreferencedby | INSPEC | |
| dc.relation.isreferencedby | Scopus | |
| dc.relation.isreferencedby | Science Citation Index Expanded (Web of Science) | |
| dc.rights | Laisvai prieinamas internete | |
| dc.source.uri | http://downloads.hindawi.com/journals/scn/2019/2317976.pdf | |
| dc.source.uri | https://doi.org/10.1155/2019/2317976 | |
| dc.source.uri | https://talpykla.elaba.lt/elaba-fedora/objects/elaba:43080179/datastreams/MAIN/content | |
| dc.title | Evaluation of deep learning methods efficiency for malicious and benign system calls classification on the AWSCTD | |
| dc.type | Straipsnis Web of Science DB / Article in Web of Science DB | |
| dcterms.accessRights | This is an open access article distributed under the Creative Commons Attribution License | |
| dcterms.references | 37 | |
| dc.type.pubtype | S1 - Straipsnis Web of Science DB / Web of Science DB article | |
| dc.contributor.institution | Vilniaus Gedimino technikos universitetas | |
| dc.contributor.faculty | Fundamentinių mokslų fakultetas / Faculty of Fundamental Sciences | |
| dc.subject.researchfield | T 007 - Informatikos inžinerija / Informatics engineering | |
| dc.subject.vgtuprioritizedfields | IK0101 - Informacijos ir informacinių technologijų sauga / Information and Information Technologies Security | |
| dc.subject.ltspecializations | L106 - Transportas, logistika ir informacinės ir ryšių technologijos (IRT) / Transport, logistic and information and communication technologies | |
| dc.subject.en | deep learnining | |
| dc.subject.en | anomaly | |
| dc.subject.en | malicious | |
| dc.subject.en | system call | |
| dcterms.sourcetitle | Security and communication networks | |
| dc.description.volume | vol. 2019 | |
| dc.publisher.name | Hindawi | |
| dc.publisher.city | London | |
| dc.identifier.doi | 000499165000001 | |
| dc.identifier.doi | 10.1155/2019/2317976 | |
| dc.identifier.elaba | 43080179 | |
