Improving Host-Based Intrusion Detection Using Thread Information

Abstract

Host-based anomaly detection for identifying attacks typically analyzes sequences or frequencies of system calls. However, most of the known approaches ignore the fact that software in modern IT systems is multithreaded so that different system calls may belong to different threads and users. In this work, we show that anomaly detection algorithms can be improved by considering thread information. For this purpose, we extend seven algorithms and comparatively evaluate their effectiveness with and without the use of thread information. The evaluation is based on the LID-DS dataset providing suitable thread information.

Citation (APA)

Grimmer, M., Kaelble, T., & Rahm, E. (2022). Improving Host-Based Intrusion Detection Using Thread Information. In Communications in Computer and Information Science (Vol. 1403 CCIS, pp. 159–177). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-93956-4_10
