SemOpenAlex |

SemOpenAlex

Matches in SemOpenAlex for { <https://semopenalex.org/work/W3126895910> ?p ?o ?g. }

Showing items 1 to 84 of 84 with 100 items per page.

W3126895910 abstract "Much research is concentrated on improving models for host-based intrusion detection systems (HIDS). Typically, such research aims at improving a model’s results (e.g., reducing the false positive rate) in the familiar static training/testing environment using the standard data sources. Matching advancements in the machine learning community, researchers in the syscall HIDS domain have developed many complex and powerful syscall-based models to serve as anomaly detectors. These models typically show an impressive level of accuracy while emphasizing on minimizing the false positive rate. However, with each proposed model iteration, we get further from the setting in which these models are intended to operate. As kernels become more ornate and hardened, the implementation space for anomaly detection models is narrowing. Furthermore, the rapid advancement of operating systems and the underlying complexity introduced dictate that the sometimes decades-old datasets have long been obsolete. In this paper, we attempt to bridge the gap between theoretical models and their intended application environments by examining the recent Linux kernel 5.7.0-rc1. In this setting, we examine the feasibility of syscall-based HIDS in modern operating systems and the constraints imposed on the HIDS developer. We discuss how recent advancements to the kernel have eliminated the previous syscall trace collect method of writing syscall table wrappers, and propose a new approach to generate data and place our detection model. Furthermore, we present the specific execution time and memory constraints that models must meet in order to be operable within their intended settings. Finally, we conclude with preliminary results from our model, which primarily show that in-kernel machine learning models are feasible, depending on their complexity." @default.
W3126895910 created "2021-02-15" @default.
W3126895910 creator A5003034970 @default.
W3126895910 creator A5051761714 @default.
W3126895910 creator A5061123930 @default.
W3126895910 creator A5071262001 @default.
W3126895910 date "2020-10-01" @default.
W3126895910 modified "2023-09-23" @default.
W3126895910 title "A Modern Implementation of System Call Sequence Based Host-based Intrusion Detection Systems" @default.
W3126895910 cites W1981738628 @default.
W3126895910 cites W2109969076 @default.
W3126895910 cites W2129860818 @default.
W3126895910 cites W2135143063 @default.
W3126895910 cites W2239647876 @default.
W3126895910 cites W245277704 @default.
W3126895910 cites W2988790801 @default.
W3126895910 cites W3136767761 @default.
W3126895910 cites W2773175795 @default.
W3126895910 doi "https://doi.org/10.1109/tps-isa50397.2020.00037" @default.
W3126895910 hasPublicationYear "2020" @default.
W3126895910 type Work @default.
W3126895910 sameAs 3126895910 @default.
W3126895910 citedByCount "3" @default.
W3126895910 countsByYear W31268959102021 @default.
W3126895910 countsByYear W31268959102022 @default.
W3126895910 countsByYear W31268959102023 @default.
W3126895910 crossrefType "proceedings-article" @default.
W3126895910 hasAuthorship W3126895910A5003034970 @default.
W3126895910 hasAuthorship W3126895910A5051761714 @default.
W3126895910 hasAuthorship W3126895910A5061123930 @default.
W3126895910 hasAuthorship W3126895910A5071262001 @default.
W3126895910 hasConcept C111919701 @default.
W3126895910 hasConcept C114614502 @default.
W3126895910 hasConcept C119857082 @default.
W3126895910 hasConcept C124101348 @default.
W3126895910 hasConcept C126831891 @default.
W3126895910 hasConcept C138885662 @default.
W3126895910 hasConcept C154945302 @default.
W3126895910 hasConcept C18903297 @default.
W3126895910 hasConcept C2778579508 @default.
W3126895910 hasConcept C33923547 @default.
W3126895910 hasConcept C35525427 @default.
W3126895910 hasConcept C41008148 @default.
W3126895910 hasConcept C41895202 @default.
W3126895910 hasConcept C45235069 @default.
W3126895910 hasConcept C739882 @default.
W3126895910 hasConcept C74193536 @default.
W3126895910 hasConcept C75291252 @default.
W3126895910 hasConcept C86803240 @default.
W3126895910 hasConceptScore W3126895910C111919701 @default.
W3126895910 hasConceptScore W3126895910C114614502 @default.
W3126895910 hasConceptScore W3126895910C119857082 @default.
W3126895910 hasConceptScore W3126895910C124101348 @default.
W3126895910 hasConceptScore W3126895910C126831891 @default.
W3126895910 hasConceptScore W3126895910C138885662 @default.
W3126895910 hasConceptScore W3126895910C154945302 @default.
W3126895910 hasConceptScore W3126895910C18903297 @default.
W3126895910 hasConceptScore W3126895910C2778579508 @default.
W3126895910 hasConceptScore W3126895910C33923547 @default.
W3126895910 hasConceptScore W3126895910C35525427 @default.
W3126895910 hasConceptScore W3126895910C41008148 @default.
W3126895910 hasConceptScore W3126895910C41895202 @default.
W3126895910 hasConceptScore W3126895910C45235069 @default.
W3126895910 hasConceptScore W3126895910C739882 @default.
W3126895910 hasConceptScore W3126895910C74193536 @default.
W3126895910 hasConceptScore W3126895910C75291252 @default.
W3126895910 hasConceptScore W3126895910C86803240 @default.
W3126895910 hasLocation W31268959101 @default.
W3126895910 hasOpenAccess W3126895910 @default.
W3126895910 hasPrimaryLocation W31268959101 @default.
W3126895910 hasRelatedWork W10841817 @default.
W3126895910 hasRelatedWork W11100131 @default.
W3126895910 hasRelatedWork W1132564 @default.
W3126895910 hasRelatedWork W12367402 @default.
W3126895910 hasRelatedWork W1363407 @default.
W3126895910 hasRelatedWork W1539027 @default.
W3126895910 hasRelatedWork W264604 @default.
W3126895910 hasRelatedWork W3708406 @default.
W3126895910 hasRelatedWork W6909284 @default.
W3126895910 hasRelatedWork W7613470 @default.
W3126895910 isParatext "false" @default.
W3126895910 isRetracted "false" @default.
W3126895910 magId "3126895910" @default.
W3126895910 workType "article" @default.