
arxiv: 1611.01726 · v1 · pith:3WUUPM7Nnew · submitted 2016-11-06 · 💻 cs.CR · cs.LG

LSTM-Based System-Call Language Modeling and Robust Ensemble Method for Designing Host-Based Intrusion Detection Systems

classification 💻 cs.CR cs.LG
keywords: detection, intrusion, designing, method, system-call, systems, ensemble, high

In computer security, designing a robust intrusion detection system is one of the most fundamental and important problems. In this paper, we propose a system-call language-modeling approach for designing anomaly-based host intrusion detection systems. To remedy the issue of high false-alarm rates commonly arising in conventional methods, we employ a novel ensemble method that blends multiple thresholding classifiers into a single one, making it possible to accumulate 'highly normal' sequences. The proposed system-call language model has various advantages leveraged by the fact that it can learn the semantic meaning and interactions of each system call that existing methods cannot effectively consider. Through diverse experiments on public benchmark datasets, we demonstrate the validity and effectiveness of the proposed method. Moreover, we show that our model possesses high portability, which is one of the key aspects of realizing successful intrusion detection systems.


Forward citations

Cited by 4 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Evolution of Log-Based Detection Rules in Public Repositories

    cs.CR · 2026-05 · unverdicted · novelty 7.0

    Log-based detection rules in public security repositories change non-monotonically over time, with over half of rules both adding and removing clauses and roughly a quarter to a third alternating between expanding cov...

  2. Evolution of Log-Based Detection Rules in Public Repositories

    cs.CR · 2026-05 · unverdicted · novelty 6.0

    Analysis of 6,859 rule histories shows 56% undergo detection logic revisions, with over half both adding and removing clauses and a quarter to a third alternating between coverage expansion and false-positive reduction.

  3. From Detection to Response: A Deep Learning and Retrieval-Augmented Generation Framework for Network Intrusion Mitigation

    cs.CR · 2026-05 · unverdicted · novelty 4.0

    Ensemble of three binary DNNs classifies network flows as benign, DoS or DDoS at 99.84% and 95.30% accuracy on CICIDS2018 and UNSW-NB15, paired with RAG to generate mitigation reports that outperform vanilla LLM outputs.

  4. System Misuse Detection via Informed Behavior Clustering and Modeling

    cs.CR · 2019-07 · unverdicted · novelty 3.0

    An informed machine learning approach using LSTM networks and expert-driven visual clustering to model normal behavior and detect misuse in system logs.