COMBINATION OF MULTI-CHANNEL CNN AND BiLSTM FOR HOST-BASED INTRUSION DETECTION

Diep Nguyen Ngoc

Abstract


A significant increase in intrusion events over the years poses a
challenge for robust intrusion detection systems. In a computer system,
the execution traces of its programs can be audited as sequences of
system calls, which provide a rich and expressive source of data for
identifying anomalous activities. This paper presents a deep learning
model that combines multi-channel CNN and bidirectional LSTM (BiLSTM)
models to detect abnormal executions in host-based intrusion detection
systems. A multi-channel CNN with word embedding can, to a large extent,
be used to extract relationship features of system calls. Meanwhile, the
BiLSTM enables our model to understand the context of system call
sequences by capturing long-distance dependencies across the sequences.
The integration of these two models leads to efficient and effective
detection of abnormal behaviors of a system. Experimental results on the
ADFA-LD dataset show that our approach outperforms other methods.
