We present a new Host-based Intrusion Detection System (IDS) that monitors accesses to the Microsoft Windows Registry using Registry Anomaly Detection (RAD). Our system uses a one class Support Vector Machine (OCSVM) to detect anomalous registry behavior by training on a dataset of normal registry accesses. It then uses this model to detect outliers in new (unclassified) data generated from the...

The goal of a this IDS is to identify malicious behaviour that targets a network or a host and its resources. Intrusion detection parameters are numerous and in many cases they present uncertain and imprecise causal relationships which can affect attack types. A Bayesian Network here used is a graphical modeling tool which used to model decision problems containing uncertainty. BN and K2 learni...

predicting different behaviors in computer networks is the subject of many data mining researches. providing a balanced intrusion detection system (ids) that directly addresses the trade-off between the ability to detect new attack types and providing low false detection rate is a fundamental challenge. many of the proposed methods perform well in one of the two aspects, and concentrate on a su...

Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a realtime host-based intrusion detection system that can be used to passively detect malfeasance against applications within ...

Application features like port numbers are used by Network-based Intrusion Detection Systems (NIDSs) to detect attacks coming from networks. System calls and the operating system related information are used by Host-based Intrusion Detection Systems (HIDSs) to detect intrusions toward a host. However, the relationship between hardware architecture events and Denial-of-Service (DoS) attacks has ...

Windows NT has become the dominant desktop platform. To date, host-based intrusion detection research has focused on Unixavored platforms. As a result, we have a large gap between the platform people use in practice and the platforms on which intrusion detection research is active. In this paper, we examine the feasibility of applying host-based intrusion detection to the Windows NT platform. S...

Anomaly-based intrusion detection is about discerning intrusive and normal patterns of activities based on the normality characterization of information systems. The common goal of anomaly-based intrusion detection is to detect intrusive attacks as many as possible with fewer false alerts. Generally, our work is to study effective models, methods and techniques for anomaly-based intrusion detec...