Developing Cross-Domain Host-Based Intrusion Detection

Digital transformation has continued to have a remarkable impact on industries, creating new possibilities and improving the performance of existing ones. Recently, we have seen more deployments of cyber-physical systems and the Internet of Things (IoT) as in no other time. However, cybersecurity is...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	Electronics (Basel) 2022-11, Vol.11 (21), p.3631
Hauptverfasser:	Ajayi, Oluwagbemiga, Gangopadhyay, Aryya, Erbacher, Robert F., Bursat, Carl
Format:	Artikel
Sprache:	eng
Schlagworte:	Algorithms Artificial intelligence Classification Cyber-physical systems Cybercrime Cybersecurity Cyberterrorism Data integrity Data security Datasets Decision making Deep learning Domain names Domains Internet Internet of Things Intrusion detection systems Machine learning Methods Neural networks Performance enhancement Prevention Safety and security measures
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page
container_issue	21
container_start_page	3631
container_title	Electronics (Basel)
container_volume	11
creator	Ajayi, Oluwagbemiga Gangopadhyay, Aryya Erbacher, Robert F. Bursat, Carl
description	Digital transformation has continued to have a remarkable impact on industries, creating new possibilities and improving the performance of existing ones. Recently, we have seen more deployments of cyber-physical systems and the Internet of Things (IoT) as in no other time. However, cybersecurity is often an afterthought in the design and implementation of many systems; therefore, there usually is an introduction of new attack surfaces as new systems and applications are being deployed. Machine learning has been helpful in creating intrusion detection models, but it is impractical to create attack detection models with acceptable performance for every single computing infrastructure and the various attack scenarios due to the cost of collecting quality labeled data and training models. Hence, there is a need to develop models that can take advantage of knowledge available in a high resource source domain to improve performance of a low resource target domain model. In this work, we propose a novel cross-domain deep learning-based approach for attack detection in Host-based Intrusion Detection Systems (HIDS). Specifically, we developed a method for candidate source domain selection from among a group of potential source domains by computing the similarity score a target domain records when paired with a potential source domain. Then, using different word embedding space combination techniques and transfer learning approach, we leverage the knowledge from a well performing source domain model to improve the performance of a similar model in the target domain. To evaluate our proposed approach, we used Leipzig Intrusion Detection Dataset (LID-DS), a HIDS dataset recorded on a modern operating system that consists of different attack scenarios. Our proposed cross-domain approach recorded significant improvement in the target domains when compared with the results from in-domain approach experiments. Based on the result, the F2-score of the target domain CWE-307 improved from 80% in the in-domain approach to 87% in the cross-domain approach while the target domain CVE-2014-0160 improved from 13% to 85%.
doi_str_mv	10.3390/electronics11213631
format	Article
fullrecord	<record><control><sourceid>gale_proqu</sourceid><recordid>TN_cdi_proquest_journals_2734621911</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><galeid>A745598028</galeid><sourcerecordid>A745598028</sourcerecordid><originalsourceid>FETCH-LOGICAL-c361t-88bee27950027575fdaf30607d8cca5aa18f9166e0a041eb6450c6611f12198a3</originalsourceid><addsrcrecordid>eNptUMFKAzEQDaJgqf0CLwuet2aS3WxyrF21hYIXPS9pdlJStklNtoJ_b0o9eHDmMI_hvXm8IeQe6JxzRR9xQDPG4J1JAAy44HBFJow2qlRMses_-JbMUtrTXAq45HRCRItfOISj87tiGUNKZRsO2vliFdJYPumEfbH2YzwlF3zR4pi9MrojN1YPCWe_c0o-Xp7fl6ty8_a6Xi42peECxlLKLSJrVE0pa-qmtr22nAra9NIYXWsN0ioQAqmmFeBWVDU1QgDYHERJzafk4XL3GMPnCdPY7cMp-mzZsYZXIrMAMmt-Ye30gJ3zNoxRm9w9HpwJHq3L-0VT1bWSlMks4BeBOUeOaLtjdAcdvzug3fmp3T9P5T9j2GtJ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2734621911</pqid></control><display><type>article</type><title>Developing Cross-Domain Host-Based Intrusion Detection</title><source>MDPI - Multidisciplinary Digital Publishing Institute</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Ajayi, Oluwagbemiga ; Gangopadhyay, Aryya ; Erbacher, Robert F. ; Bursat, Carl</creator><creatorcontrib>Ajayi, Oluwagbemiga ; Gangopadhyay, Aryya ; Erbacher, Robert F. ; Bursat, Carl</creatorcontrib><description>Digital transformation has continued to have a remarkable impact on industries, creating new possibilities and improving the performance of existing ones. Recently, we have seen more deployments of cyber-physical systems and the Internet of Things (IoT) as in no other time. However, cybersecurity is often an afterthought in the design and implementation of many systems; therefore, there usually is an introduction of new attack surfaces as new systems and applications are being deployed. Machine learning has been helpful in creating intrusion detection models, but it is impractical to create attack detection models with acceptable performance for every single computing infrastructure and the various attack scenarios due to the cost of collecting quality labeled data and training models. Hence, there is a need to develop models that can take advantage of knowledge available in a high resource source domain to improve performance of a low resource target domain model. In this work, we propose a novel cross-domain deep learning-based approach for attack detection in Host-based Intrusion Detection Systems (HIDS). Specifically, we developed a method for candidate source domain selection from among a group of potential source domains by computing the similarity score a target domain records when paired with a potential source domain. Then, using different word embedding space combination techniques and transfer learning approach, we leverage the knowledge from a well performing source domain model to improve the performance of a similar model in the target domain. To evaluate our proposed approach, we used Leipzig Intrusion Detection Dataset (LID-DS), a HIDS dataset recorded on a modern operating system that consists of different attack scenarios. Our proposed cross-domain approach recorded significant improvement in the target domains when compared with the results from in-domain approach experiments. Based on the result, the F2-score of the target domain CWE-307 improved from 80% in the in-domain approach to 87% in the cross-domain approach while the target domain CVE-2014-0160 improved from 13% to 85%.</description><identifier>ISSN: 2079-9292</identifier><identifier>EISSN: 2079-9292</identifier><identifier>DOI: 10.3390/electronics11213631</identifier><language>eng</language><publisher>Basel: MDPI AG</publisher><subject>Algorithms ; Artificial intelligence ; Classification ; Cyber-physical systems ; Cybercrime ; Cybersecurity ; Cyberterrorism ; Data integrity ; Data security ; Datasets ; Decision making ; Deep learning ; Domain names ; Domains ; Internet ; Internet of Things ; Intrusion detection systems ; Machine learning ; Methods ; Neural networks ; Performance enhancement ; Prevention ; Safety and security measures</subject><ispartof>Electronics (Basel), 2022-11, Vol.11 (21), p.3631</ispartof><rights>COPYRIGHT 2022 MDPI AG</rights><rights>2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c361t-88bee27950027575fdaf30607d8cca5aa18f9166e0a041eb6450c6611f12198a3</citedby><cites>FETCH-LOGICAL-c361t-88bee27950027575fdaf30607d8cca5aa18f9166e0a041eb6450c6611f12198a3</cites><orcidid>0000-0002-4796-6086</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27903,27904</link.rule.ids></links><search><creatorcontrib>Ajayi, Oluwagbemiga</creatorcontrib><creatorcontrib>Gangopadhyay, Aryya</creatorcontrib><creatorcontrib>Erbacher, Robert F.</creatorcontrib><creatorcontrib>Bursat, Carl</creatorcontrib><title>Developing Cross-Domain Host-Based Intrusion Detection</title><title>Electronics (Basel)</title><description>Digital transformation has continued to have a remarkable impact on industries, creating new possibilities and improving the performance of existing ones. Recently, we have seen more deployments of cyber-physical systems and the Internet of Things (IoT) as in no other time. However, cybersecurity is often an afterthought in the design and implementation of many systems; therefore, there usually is an introduction of new attack surfaces as new systems and applications are being deployed. Machine learning has been helpful in creating intrusion detection models, but it is impractical to create attack detection models with acceptable performance for every single computing infrastructure and the various attack scenarios due to the cost of collecting quality labeled data and training models. Hence, there is a need to develop models that can take advantage of knowledge available in a high resource source domain to improve performance of a low resource target domain model. In this work, we propose a novel cross-domain deep learning-based approach for attack detection in Host-based Intrusion Detection Systems (HIDS). Specifically, we developed a method for candidate source domain selection from among a group of potential source domains by computing the similarity score a target domain records when paired with a potential source domain. Then, using different word embedding space combination techniques and transfer learning approach, we leverage the knowledge from a well performing source domain model to improve the performance of a similar model in the target domain. To evaluate our proposed approach, we used Leipzig Intrusion Detection Dataset (LID-DS), a HIDS dataset recorded on a modern operating system that consists of different attack scenarios. Our proposed cross-domain approach recorded significant improvement in the target domains when compared with the results from in-domain approach experiments. Based on the result, the F2-score of the target domain CWE-307 improved from 80% in the in-domain approach to 87% in the cross-domain approach while the target domain CVE-2014-0160 improved from 13% to 85%.</description><subject>Algorithms</subject><subject>Artificial intelligence</subject><subject>Classification</subject><subject>Cyber-physical systems</subject><subject>Cybercrime</subject><subject>Cybersecurity</subject><subject>Cyberterrorism</subject><subject>Data integrity</subject><subject>Data security</subject><subject>Datasets</subject><subject>Decision making</subject><subject>Deep learning</subject><subject>Domain names</subject><subject>Domains</subject><subject>Internet</subject><subject>Internet of Things</subject><subject>Intrusion detection systems</subject><subject>Machine learning</subject><subject>Methods</subject><subject>Neural networks</subject><subject>Performance enhancement</subject><subject>Prevention</subject><subject>Safety and security measures</subject><issn>2079-9292</issn><issn>2079-9292</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>BENPR</sourceid><recordid>eNptUMFKAzEQDaJgqf0CLwuet2aS3WxyrF21hYIXPS9pdlJStklNtoJ_b0o9eHDmMI_hvXm8IeQe6JxzRR9xQDPG4J1JAAy44HBFJow2qlRMses_-JbMUtrTXAq45HRCRItfOISj87tiGUNKZRsO2vliFdJYPumEfbH2YzwlF3zR4pi9MrojN1YPCWe_c0o-Xp7fl6ty8_a6Xi42peECxlLKLSJrVE0pa-qmtr22nAra9NIYXWsN0ioQAqmmFeBWVDU1QgDYHERJzafk4XL3GMPnCdPY7cMp-mzZsYZXIrMAMmt-Ye30gJ3zNoxRm9w9HpwJHq3L-0VT1bWSlMks4BeBOUeOaLtjdAcdvzug3fmp3T9P5T9j2GtJ</recordid><startdate>20221101</startdate><enddate>20221101</enddate><creator>Ajayi, Oluwagbemiga</creator><creator>Gangopadhyay, Aryya</creator><creator>Erbacher, Robert F.</creator><creator>Bursat, Carl</creator><general>MDPI AG</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L7M</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><orcidid>https://orcid.org/0000-0002-4796-6086</orcidid></search><sort><creationdate>20221101</creationdate><title>Developing Cross-Domain Host-Based Intrusion Detection</title><author>Ajayi, Oluwagbemiga ; Gangopadhyay, Aryya ; Erbacher, Robert F. ; Bursat, Carl</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c361t-88bee27950027575fdaf30607d8cca5aa18f9166e0a041eb6450c6611f12198a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Algorithms</topic><topic>Artificial intelligence</topic><topic>Classification</topic><topic>Cyber-physical systems</topic><topic>Cybercrime</topic><topic>Cybersecurity</topic><topic>Cyberterrorism</topic><topic>Data integrity</topic><topic>Data security</topic><topic>Datasets</topic><topic>Decision making</topic><topic>Deep learning</topic><topic>Domain names</topic><topic>Domains</topic><topic>Internet</topic><topic>Internet of Things</topic><topic>Intrusion detection systems</topic><topic>Machine learning</topic><topic>Methods</topic><topic>Neural networks</topic><topic>Performance enhancement</topic><topic>Prevention</topic><topic>Safety and security measures</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Ajayi, Oluwagbemiga</creatorcontrib><creatorcontrib>Gangopadhyay, Aryya</creatorcontrib><creatorcontrib>Erbacher, Robert F.</creatorcontrib><creatorcontrib>Bursat, Carl</creatorcontrib><collection>CrossRef</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><jtitle>Electronics (Basel)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ajayi, Oluwagbemiga</au><au>Gangopadhyay, Aryya</au><au>Erbacher, Robert F.</au><au>Bursat, Carl</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Developing Cross-Domain Host-Based Intrusion Detection</atitle><jtitle>Electronics (Basel)</jtitle><date>2022-11-01</date><risdate>2022</risdate><volume>11</volume><issue>21</issue><spage>3631</spage><pages>3631-</pages><issn>2079-9292</issn><eissn>2079-9292</eissn><abstract>Digital transformation has continued to have a remarkable impact on industries, creating new possibilities and improving the performance of existing ones. Recently, we have seen more deployments of cyber-physical systems and the Internet of Things (IoT) as in no other time. However, cybersecurity is often an afterthought in the design and implementation of many systems; therefore, there usually is an introduction of new attack surfaces as new systems and applications are being deployed. Machine learning has been helpful in creating intrusion detection models, but it is impractical to create attack detection models with acceptable performance for every single computing infrastructure and the various attack scenarios due to the cost of collecting quality labeled data and training models. Hence, there is a need to develop models that can take advantage of knowledge available in a high resource source domain to improve performance of a low resource target domain model. In this work, we propose a novel cross-domain deep learning-based approach for attack detection in Host-based Intrusion Detection Systems (HIDS). Specifically, we developed a method for candidate source domain selection from among a group of potential source domains by computing the similarity score a target domain records when paired with a potential source domain. Then, using different word embedding space combination techniques and transfer learning approach, we leverage the knowledge from a well performing source domain model to improve the performance of a similar model in the target domain. To evaluate our proposed approach, we used Leipzig Intrusion Detection Dataset (LID-DS), a HIDS dataset recorded on a modern operating system that consists of different attack scenarios. Our proposed cross-domain approach recorded significant improvement in the target domains when compared with the results from in-domain approach experiments. Based on the result, the F2-score of the target domain CWE-307 improved from 80% in the in-domain approach to 87% in the cross-domain approach while the target domain CVE-2014-0160 improved from 13% to 85%.</abstract><cop>Basel</cop><pub>MDPI AG</pub><doi>10.3390/electronics11213631</doi><orcidid>https://orcid.org/0000-0002-4796-6086</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2079-9292
ispartof	Electronics (Basel), 2022-11, Vol.11 (21), p.3631
issn	2079-9292 2079-9292
language	eng
recordid	cdi_proquest_journals_2734621911
source	MDPI - Multidisciplinary Digital Publishing Institute; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects	Algorithms Artificial intelligence Classification Cyber-physical systems Cybercrime Cybersecurity Cyberterrorism Data integrity Data security Datasets Decision making Deep learning Domain names Domains Internet Internet of Things Intrusion detection systems Machine learning Methods Neural networks Performance enhancement Prevention Safety and security measures
title	Developing Cross-Domain Host-Based Intrusion Detection
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T03%3A36%3A19IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale_proqu&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Developing%20Cross-Domain%20Host-Based%20Intrusion%20Detection&rft.jtitle=Electronics%20(Basel)&rft.au=Ajayi,%20Oluwagbemiga&rft.date=2022-11-01&rft.volume=11&rft.issue=21&rft.spage=3631&rft.pages=3631-&rft.issn=2079-9292&rft.eissn=2079-9292&rft_id=info:doi/10.3390/electronics11213631&rft_dat=%3Cgale_proqu%3EA745598028%3C/gale_proqu%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2734621911&rft_id=info:pmid/&rft_galeid=A745598028&rfr_iscdi=true