Anomaly Intrusion Detection for System Call Using the Soundex Algorithm and Neural Networks

Author(s): ByungRae Cha, B. Vaidya, Seungjo Han

2020
Author(s): Gabriel Ruschel Castanhel, Tiago Heinrich, Fabrício Ceschin, Carlos A. Maziero

Anomaly intrusion detection in a Host-based Intrusion Detection System (HIDS) is a process intended to monitor operations on a host to identify behaviors that differ from “normal” system behavior. System call based HIDS uses traces of calls to represent the behavior of a system. Due to the volume of data generated by applications and the operating system, sliding windows are applied in order to assess an online environment, allowing intrusions to be detected in real time while still being executed. The respective study explores the impact that the size of the observation window has on Machine Learning (ML) one-class algorithms.


2011, Vol 225-226, pp. 609-613
Author(s): Dong Liang Wang, Zhi Gang Wang

To improve detection accuracy, HMM (Hidden Markov model) and BW are utilized to build a model, and the detection accuracy improves greatly. First, the research progress of intrusion detection is recalled; then the model based on Markov and BW is presented. An example using system call trace data, which is used in intrusion detection, is given to illustrate the performance of this model. Finally, a comparison of detection ability between the above detection method and others is given. It is found that the IDS based on HMM system call sequences has improved the accuracy greatly.

