Application of deep learning methods in host-based intrusion detection systems
Abstract
Protection of information plays an important role in the daily operations of a modern company. Businesses of all kinds deal with huge amounts of sensitive data: not only data belonging to the company itself but also the personal data of employees and customers' information. Intrusion detection systems (IDS) are used to prevent malicious third parties from gaining access to critical information. Early IDS implementations had simple decision-making engines and used a trivial amount of data, including known attack patterns, and were useless against zero-day attacks. Today an IDS has to perform more extensive operations, and various machine learning (ML) models have been proposed for these tasks. They demonstrate a high detection rate and a low false-positive rate when deciding whether an action is an intrusion or not. Convolutional Neural Networks, Recurrent Neural Networks and LSTM (Long Short-Term Memory) networks are among the most advanced ML methods. They can automatically extract important features from the data and perform accurate attack classification. The classification effectiveness of all the listed methods has been tested on system-call data generated by the Windows OS and collected in the newly created AWSCTD dataset. The achieved results demonstrate that deep learning methods can be successfully used for intrusion detection at the host level, with up to 95% accuracy.