Host-based intrusion detection system with system calls: Review and future trends
M Liu, Z Xue, X Xu, C Zhong, J Chen - ACM computing surveys (CSUR), 2018 - dl.acm.org
In a contemporary data center, Linux applications often generate a large quantity of real-time
system call traces, which are not suitable for traditional host-based intrusion detection …
Unicorn: Runtime provenance-based detector for advanced persistent threats
Advanced Persistent Threats (APTs) are difficult to detect due to their "low-and-slow" attack
patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based …
NLP methods in host-based intrusion detection Systems: A systematic review and future directions
Host-based Intrusion Detection System (HIDS) is an effective last line of defense for
defending against cyber security attacks after perimeter defenses (eg, Network-based …
Cyber intrusion detection by combined feature selection algorithm
Due to the widespread diffusion of network connectivity, the demand for network security
and protection against cyber-attacks is ever increasing. Intrusion detection systems (IDS) …
You Are What You Do: Hunting Stealthy Malware via Data Provenance Analysis.
To subvert recent advances in perimeter and host security, the attacker community has
developed and employed various attack vectors to make a malware much stealthier than …
Hercule: Attack story reconstruction via community discovery on correlated log graph
Advanced cyber attacks consist of multiple stages aimed at being stealthy and elusive. Such
attack patterns leave their footprints spatio-temporally dispersed across many different logs …
Semantics-based online malware detection: Towards efficient real-time protection against malware
Recently, malware has increasingly become a critical threat to embedded systems, while the
conventional software solutions, such as antivirus and patches, have not been so successful …
Sysfilter: Automated system call filtering for commodity software
N DeMarinis, K Williams-King, D … - … on Research in Attacks …, 2020 - usenix.org
Modern OSes provide a rich set of services to applications, primarily accessible via the
system call API, to support the ever growing functionality of contemporary software …
An anomaly detection system based on variable N-gram features and one-class SVM
Context: Run-time detection of system anomalies at the host level remains a challenging
task. Existing techniques suffer from high rates of false alarms, hindering large-scale …
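The entries above (the system-call survey, the variable n-gram / one-class SVM detector and the real-time ransomware detector) all rest on the same primitive: turn a stream of system calls into n-gram features and score them against a profile of normal behaviour. The following is an added example written for this page, not code from any of the listed papers. It builds a profile from several n-gram lengths at once (the "variable n-gram" idea) and scores a trace by the fraction of n-grams never seen in training, a STIDE-style stand-in for the one-class SVM named in the paper title so that it runs offline with no ML library. The two traces, the server loop and the execve/dup2 injection, are constructed for the example.

```python
"""Added example (not code from any paper listed here): n-gram features over
system-call traces scored against a profile of normal behaviour.

The scorer is the classic "unseen n-gram fraction" (STIDE-style) stand-in for
the one-class SVM named in the paper title, so that it runs offline without
a machine-learning library.  All traces below are constructed for the example.
"""
from collections import Counter
from typing import Iterable, Optional, Sequence, Tuple

Syscall = str
Trace = Sequence[Syscall]

# Constructed "normal" trace: a tiny server loop (accept/read/write/close),
# repeated, as a syscall-level HIDS would see it from strace/auditd/eBPF.
NORMAL_TRACE: Trace = ("socket bind listen " + "accept read write close " * 20).split()

# Constructed anomalous trace: the same server spawns a shell on one connection.
ANOMALOUS_TRACE: Trace = (
    "socket bind listen accept read write close "
    "accept read execve dup2 dup2 write close"
).split()


def ngrams(trace: Trace, n: int) -> Iterable[Tuple[Syscall, ...]]:
    """Yield every contiguous n-gram of the trace."""
    for i in range(len(trace) - n + 1):
        yield tuple(trace[i:i + n])


class VariableNgramProfile:
    """Profile of normal behaviour as the set of observed n-grams for several n.

    Using more than one n is the 'variable n-gram' idea: short n-grams
    generalise, long ones capture ordering that short ones miss.
    """

    def __init__(self, ns: Sequence[int] = (2, 3)) -> None:
        self.ns = tuple(ns)
        self.seen: Counter = Counter()

    def fit(self, traces: Iterable[Trace]) -> "VariableNgramProfile":
        for trace in traces:
            for n in self.ns:
                self.seen.update(ngrams(trace, n))
        return self

    def score(self, trace: Trace) -> float:
        """Anomaly score in [0, 1]: fraction of the trace's n-grams never seen in training."""
        total = unseen = 0
        for n in self.ns:
            for g in ngrams(trace, n):
                total += 1
                if g not in self.seen:
                    unseen += 1
        return unseen / total if total else 0.0

    def first_alarm(self, trace: Trace, window: int = 6, threshold: float = 0.2) -> Optional[int]:
        """Real-time variant: score a sliding window over the live stream and
        return the index of the first window whose score exceeds the threshold,
        or None if the whole trace stays below it."""
        for start in range(0, max(1, len(trace) - window + 1)):
            if self.score(trace[start:start + window]) > threshold:
                return start
        return None


if __name__ == "__main__":
    profile = VariableNgramProfile().fit([NORMAL_TRACE])
    print("normal   :", round(profile.score(NORMAL_TRACE), 3))     # 0.0
    print("anomalous:", round(profile.score(ANOMALOUS_TRACE), 3))  # 0.36
    print("alarm at window", profile.first_alarm(ANOMALOUS_TRACE))  # 4
```

The window scorer is where the false-alarm problem the abstract mentions shows up in practice: a threshold low enough to catch the execve burst in window 4 will also fire on any legitimate but previously unseen call sequence, so the training set has to cover the program's full normal behaviour before the threshold can be tightened.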
Real-time system call-based ransomware detection
Ransomware, particularly crypto ransomware, has emerged as the go-to malware for threat
actors aiming to compromise data on Android devices as well as in general. In this paper …