
Comparative Analysis of LSTM, One-Class SVM, and PCA to Monitor Real-Time Malware Threats Using System Call Sequences and Virtual Machine Introspection

Conference paper
International Conference on Communication, Computing and Electronics Systems

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 733)

Abstract

System call analysis is a behavior-oriented anomaly detection technique that is widely accepted because of its consistent performance. This study compares two popular algorithms, long short-term memory (LSTM) sequence-to-sequence (Seq-Seq) and one-class support vector machines (OCSVM), for detecting anomalous system call sequences. The proposed framework monitors running processes to recognize compromised virtual machines in hypervisor-based systems. The evaluation compares feature extraction strategies and anomaly detection algorithms on their detection accuracy and loss, showing which combinations are effective. This study demonstrates a comparative analysis of detecting anomalous behavior in any process using the OCSVM and LSTM Seq-Seq algorithms. A bag-of-2-grams with PCA feature extraction strategy combined with LSTM Seq-Seq at a sequence length of five provides a higher detection accuracy of 97.2%.
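The feature pipeline named in the abstract, a sliding window of five system calls turned into a bag-of-2-grams vector and then reduced with PCA, can be illustrated without the paper's dataset or models. The block below is an added example, not the authors' code: the two traces (`NORMAL_TRACE`, `ANOMALOUS_TRACE`) are constructed, the function names are the example's own, PCA is done by pure-Python power iteration, and distance to the benign principal subspace (reconstruction error) stands in for the paper's OCSVM and LSTM Seq-Seq stages. Two practical points the abstract leaves implicit are handled explicitly: 2-grams never seen in benign training go into an unknown bucket rather than being dropped, and the alert threshold is derived from benign windows only.

```python
"""Bag-of-2-grams + PCA anomaly scoring over system call windows (added example).

The traces are constructed, not the paper's data; the reconstruction-error rule
is a stand-in for the paper's OCSVM / LSTM Seq-Seq detectors.
"""
from collections import Counter
import math

SEQ_LEN = 5                      # window length used in the abstract
UNKNOWN = ("<unk>", "<unk>")     # bucket for 2-grams never seen in benign training

# Constructed benign trace: a file-handling loop with mild variation.
NORMAL_TRACE = (["open", "read", "write", "close"] * 3
                + ["open", "read", "read", "write", "close"] * 3
                + ["mmap", "open", "read", "close"] * 2)

# Constructed suspicious trace: process spawning and socket setup the benign
# model never saw (illustrative only).
ANOMALOUS_TRACE = ["open", "execve", "fork", "socket", "connect",
                   "dup2", "execve", "write", "read"]


def windows(trace, seq_len=SEQ_LEN):
    """Slide a fixed-length window over the trace (empty if the trace is too short)."""
    return [trace[i:i + seq_len] for i in range(len(trace) - seq_len + 1)]


def build_vocab(trace_windows):
    """Ordered list of adjacent-call pairs seen in training, plus the unknown bucket."""
    seen = {pair for w in trace_windows for pair in zip(w, w[1:])}
    return sorted(seen) + [UNKNOWN]


def bag_of_2grams(window, vocab):
    """Count each window's adjacent call pairs as a vector over vocab."""
    known = set(vocab)
    counts = Counter(p if p in known else UNKNOWN for p in zip(window, window[1:]))
    return [float(counts.get(pair, 0)) for pair in vocab]


def _dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def _norm(a):
    return math.sqrt(_dot(a, a))


def top_components(rows, k, iters=300):
    """Mean vector and top-k principal axes via power iteration with
    Gram-Schmidt deflation (pure Python; fine for a vocabulary this small)."""
    if not rows:
        raise ValueError("need at least one window to fit")
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    centred = [[r[j] - mean[j] for j in range(d)] for r in rows]
    cov = [[sum(c[i] * c[j] for c in centred) / n for j in range(d)] for i in range(d)]
    comps = []
    for _axis in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _it in range(iters):
            w = [_dot(cov[i], v) for i in range(d)]
            for c in comps:                      # stay orthogonal to earlier axes
                p = _dot(w, c)
                w = [wi - p * ci for wi, ci in zip(w, c)]
            nrm = _norm(w)
            if nrm < 1e-12:                      # no variance left to explain
                return mean, comps
            v = [wi / nrm for wi in w]
        comps.append(v)
    return mean, comps


def reconstruction_error(x, mean, comps):
    """Distance from x to its projection onto the benign principal subspace."""
    xc = [xi - mi for xi, mi in zip(x, mean)]
    resid = list(xc)
    for c in comps:                              # comps are orthonormal
        p = _dot(xc, c)
        resid = [ri - p * ci for ri, ci in zip(resid, c)]
    return _norm(resid)


def fit(normal_trace, n_components=2):
    """Learn vocabulary, PCA basis and alert threshold from benign windows only."""
    wins = windows(normal_trace)
    vocab = build_vocab(wins)
    rows = [bag_of_2grams(w, vocab) for w in wins]
    mean, comps = top_components(rows, n_components)
    errs = [reconstruction_error(r, mean, comps) for r in rows]
    # Threshold just above the worst benign window. In practice derive it from a
    # held-out benign set and a quantile, not the training maximum.
    return {"vocab": vocab, "mean": mean, "comps": comps,
            "threshold": max(errs) * 1.05 + 1e-9}


def score(model, trace):
    """Per-window reconstruction error for a trace (empty list if too short)."""
    return [reconstruction_error(bag_of_2grams(w, model["vocab"]),
                                 model["mean"], model["comps"])
            for w in windows(trace)]


def is_anomalous(model, trace):
    """Flag the trace if any window exceeds the benign threshold."""
    return any(e > model["threshold"] for e in score(model, trace))


if __name__ == "__main__":
    model = fit(NORMAL_TRACE)
    print("benign trace flagged:    ", is_anomalous(model, NORMAL_TRACE))
    print("suspicious trace flagged:", is_anomalous(model, ANOMALOUS_TRACE))
```

The unknown bucket is what makes the suspicious trace stand out: its windows are built almost entirely from call pairs absent from benign training, so they land far from the benign subspace regardless of how the principal axes fall. A real deployment would also need to decide how many components to keep and whether a single outlying window or a run of them should raise an alert; the abstract's sequence length and accuracy figure refer to the paper's LSTM Seq-Seq detector, which this example does not reproduce.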



Acknowledgements

This work is supported by TRMC, USA.

Correspondence to Jayesh Soni.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Soni, J., Peddoju, S.K., Prabakar, N., Upadhyay, H. (2021). Comparative Analysis of LSTM, One-Class SVM, and PCA to Monitor Real-Time Malware Threats Using System Call Sequences and Virtual Machine Introspection. In: Bindhu, V., Tavares, J.M.R.S., Boulogeorgos, AA.A., Vuppalapati, C. (eds) International Conference on Communication, Computing and Electronics Systems. Lecture Notes in Electrical Engineering, vol 733. Springer, Singapore. https://doi.org/10.1007/978-981-33-4909-4_9

  • DOI: https://doi.org/10.1007/978-981-33-4909-4_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-33-4908-7

  • Online ISBN: 978-981-33-4909-4

  • eBook Packages: Engineering (R0)