Evaluating Host-Based Anomaly Detection Systems: Application of the Frequency-Based Algorithms to ADFA-LD

Author(s)
Xie, Miao
Hu, Jiankun
Yu, Xinghuo
Chang, Elizabeth
Editor(s)

Au, MH

Carminati, B

Kuo, CCJ

Date
2014
Location

Xi'an, China

Abstract

The ADFA Linux data set (ADFA-LD) was recently released to replace the existing benchmark data sets in the area of host-based anomaly detection, which have lost most of their relevance to modern computer systems. ADFA-LD is composed of thousands of system call traces collected from a contemporary Linux local server, with six types of up-to-date cyber attack involved. Previously, we conducted a preliminary analysis of ADFA-LD and showed that the frequency-based algorithms can be realised at a cheaper computational cost than the short sequence-based algorithms, while achieving an acceptable performance. In this paper, we further exploit the potential of the frequency-based algorithms, attempting to reduce the dimension of the frequency vectors and identify the optimal distance functions. Two typical frequency-based algorithms, i.e., k-nearest neighbour (kNN) and k-means clustering (kMC), are applied to validate the effectiveness and efficiency.

Conference Title

Network and System Security: 8th International Conference, NSS 2014, Xi'an, China, October 15-17, 2014. Proceedings

Volume

8792

Subject

Information and computing sciences

Science & Technology

Technology

Computer Science, Information Systems

Computer Science, Theory & Methods

Computer Science

Citation

Xie, M; Hu, J; Yu, X; Chang, E, Evaluating Host-Based Anomaly Detection Systems: Application of the Frequency-Based Algorithms to ADFA-LD, Network and System Security: 8th International Conference, NSS 2014, Xi'an, China, October 15-17, 2014. Proceedings, 2014, 8792, pp. 542-549