DocumentCode
3662782
Title
Anomaly Based Host Intrusion Detection System using semantic based system call patterns
Author
M. Anandapriya;B. Lakshmanan
Author_Institution
Department of Computer Science and Engineering, Mepco Schlenk Engineering College, Sivakasi, India
fYear
2015
Firstpage
1
Lastpage
4
Abstract
A Host Based Intrusion Detection System (HIDS) aims to prevent the host system from being compromised by intruders. To prevent the execution of malicious code on the host, a HIDS monitors the system audit and event logs. However, designing a HIDS is very challenging because of the high false alarm rate. This paper focuses mainly on reducing the false alarm rate using semantic based system call patterns. Here, we apply a semantic approach to the underlying kernel level system calls, which can help in understanding anomalous behavior. The semantic tool used is the data dictionary. A data dictionary containing every possible combination of system call name sequences of a particular phrase length was constructed. The features satisfying the semantic hypothesis are extracted and then normalized. The normalized values are then given as input to the decision engine. The decision engine used is the Extreme Learning Machine, a new type of neural network. Performance was evaluated using the modern ADFA-LD dataset.
Keywords
"Feature extraction","Semantics","Intrusion detection","Dictionaries","Engines","Hidden Markov models","Support vector machines"
Publisher
ieee
Conference_Titel
Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on
Type
conf
DOI
10.1109/ISCO.2015.7282244
Filename
7282244