Cargando…
Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems
Research into Intrusion and Anomaly Detectors at the Host level typically pays much attention to extracting attributes from system call traces. These include window-based, Hidden Markov Models, and sequence-model-based attributes. Recently, several works have been focusing on sequence-model-based fe...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer International Publishing
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10077957/ https://www.ncbi.nlm.nih.gov/pubmed/37035459 http://dx.doi.org/10.1007/s44248-023-00002-y |
| _version_ | 1785020410671136768 |
|---|---|
| author | Mvula, Paul K. Branco, Paula Jourdan, Guy-Vincent Viktor, Herna L. |
| author_facet | Mvula, Paul K. Branco, Paula Jourdan, Guy-Vincent Viktor, Herna L. |
| author_sort | Mvula, Paul K. |
| collection | PubMed |
| description | Research into Intrusion and Anomaly Detectors at the Host level typically pays much attention to extracting attributes from system call traces. These include window-based, Hidden Markov Models, and sequence-model-based attributes. Recently, several works have been focusing on sequence-model-based feature extractors, specifically Word2Vec and GloVe, to extract embeddings from the system call traces due to their ability to capture semantic relationships among system calls. However, due to the nature of the data, these extractors introduce inconsistencies in the extracted features, causing the Machine Learning models built on them to yield inaccurate and potentially misleading results. In this paper, we first highlight the research challenges posed by these extractors. Then, we conduct experiments with new feature sets assessing their suitability to address the detected issues. Our experiments show that Word2Vec is prone to introducing more duplicated samples than GloVe. Regarding the solutions proposed, we found that concatenating the embedding vectors generated by Word2Vec and GloVe yields the overall best balanced accuracy. In addition to resolving the challenge of data leakage, this approach enables an improvement in performance relative to other alternatives. |
| format | Online Article Text |
| id | pubmed-10077957 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | Springer International Publishing |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-100779572023-04-07 Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems Mvula, Paul K. Branco, Paula Jourdan, Guy-Vincent Viktor, Herna L. Discov Data Research Research into Intrusion and Anomaly Detectors at the Host level typically pays much attention to extracting attributes from system call traces. These include window-based, Hidden Markov Models, and sequence-model-based attributes. Recently, several works have been focusing on sequence-model-based feature extractors, specifically Word2Vec and GloVe, to extract embeddings from the system call traces due to their ability to capture semantic relationships among system calls. However, due to the nature of the data, these extractors introduce inconsistencies in the extracted features, causing the Machine Learning models built on them to yield inaccurate and potentially misleading results. In this paper, we first highlight the research challenges posed by these extractors. Then, we conduct experiments with new feature sets assessing their suitability to address the detected issues. Our experiments show that Word2Vec is prone to introducing more duplicated samples than GloVe. Regarding the solutions proposed, we found that concatenating the embedding vectors generated by Word2Vec and GloVe yields the overall best balanced accuracy. In addition to resolving the challenge of data leakage, this approach enables an improvement in performance relative to other alternatives. Springer International Publishing 2023-03-30 2023 /pmc/articles/PMC10077957/ /pubmed/37035459 http://dx.doi.org/10.1007/s44248-023-00002-y Text en © The Author(s) 2023 https://creativecommons.org/licenses/by/4.0/Open AccessThis article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ (https://creativecommons.org/licenses/by/4.0/) . |
| spellingShingle | Research Mvula, Paul K. Branco, Paula Jourdan, Guy-Vincent Viktor, Herna L. Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems |
| title | Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems |
| title_full | Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems |
| title_fullStr | Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems |
| title_full_unstemmed | Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems |
| title_short | Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems |
| title_sort | evaluating word embedding feature extraction techniques for host-based intrusion detection systems |
| topic | Research |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10077957/ https://www.ncbi.nlm.nih.gov/pubmed/37035459 http://dx.doi.org/10.1007/s44248-023-00002-y |
| work_keys_str_mv | AT mvulapaulk evaluatingwordembeddingfeatureextractiontechniquesforhostbasedintrusiondetectionsystems AT brancopaula evaluatingwordembeddingfeatureextractiontechniquesforhostbasedintrusiondetectionsystems AT jourdanguyvincent evaluatingwordembeddingfeatureextractiontechniquesforhostbasedintrusiondetectionsystems AT viktorhernal evaluatingwordembeddingfeatureextractiontechniquesforhostbasedintrusiondetectionsystems |