Host-based anomaly detection for identifying attacks typically analyzes sequences or frequencies of system calls. However, most of the known approaches ignore the fact that software in modern IT systems is multithreaded so that different system calls may belong to different threads and users. In this work, we show that anomaly detection algorithms can be improved by considering thread information. For this purpose, we extend seven algorithms and comparatively evaluate their effectiveness with and without the use of thread information. The evaluation is based on the LID-DS dataset providing suitable thread information.
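The abstract's point, as an added illustration that is not code from the paper or the LID-DS project: a plain 3-gram syscall model (an assumed stand-in for the seven algorithms, which the abstract does not name) is trained on a constructed trace of two interleaved threads, once on the global syscall stream and once on per-thread streams. Thread names, syscall loops and scheduler orders are all constructed here.

```python
from collections import defaultdict
from itertools import cycle

# Constructed per-thread "programs": the syscall loop each thread runs when benign.
PROGRAMS = {"A": ["open", "read", "close"],
            "B": ["socket", "connect", "send", "recv"]}

def make_trace(schedule, programs=PROGRAMS):
    """Build a (thread_id, syscall) trace: each character of `schedule` names the
    thread that runs next, which emits the next syscall of its cyclic program.
    Different schedules interleave the *same* per-thread behaviour differently."""
    iters = {tid: cycle(prog) for tid, prog in programs.items()}
    return [(tid, next(iters[tid])) for tid in schedule]

def ngrams(seq, n):
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

def sequences(trace, per_thread):
    """Sequences a model sees: one global syscall stream, or one stream per thread."""
    if not per_thread:
        return [[sc for _, sc in trace]]
    per = defaultdict(list)
    for tid, sc in trace:
        per[tid].append(sc)
    return list(per.values())

def train(trace, n, per_thread):
    return set().union(*(ngrams(s, n) for s in sequences(trace, per_thread)))

def count_unseen(model, trace, n, per_thread):
    """Anomaly score: how many n-grams of the trace the model never saw in training."""
    return sum(len(ngrams(seq, n) - model) for seq in sequences(trace, per_thread))

N = 3
TRAIN = make_trace("AB" * 12)           # training run under a strictly alternating scheduler
NORMAL = make_trace("AABBABAAB" * 3)     # benign run, different interleaving
ATTACK = make_trace("AABBABAAB" * 3,     # thread A now execs after each read
                    {**PROGRAMS, "A": ["open", "read", "execve"]})

def evaluate():
    """Return {per_thread: (unseen n-grams on NORMAL, unseen n-grams on ATTACK)}."""
    return {pt: (count_unseen(train(TRAIN, N, pt), NORMAL, N, pt),
                 count_unseen(train(TRAIN, N, pt), ATTACK, N, pt))
            for pt in (False, True)}

if __name__ == "__main__":
    for pt, (normal, attack) in evaluate().items():
        print(f"per_thread={pt}: unseen on benign run={normal}, on attack run={attack}")
```

The global model flags the benign run merely because the scheduler interleaved the threads differently, while the per-thread model scores it zero and still catches the execve sequence.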
Grimmer, M., Kaelble, T., & Rahm, E. (2022). Improving Host-Based Intrusion Detection Using Thread Information. In Communications in Computer and Information Science (Vol. 1403 CCIS, pp. 159–177). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-93956-4_10