24,023 research outputs found
Applying Bag of System Calls for Anomalous Behavior Detection of Applications in Linux Containers
In this paper, we present the results of using bags of system calls for
learning the behavior of Linux containers for use in anomaly-detection based
intrusion detection system. By using system calls of the containers monitored
from the host kernel for anomaly detection, the system does not require any
prior knowledge of the container nature, neither does it require altering the
container or the host kernel.Comment: Published version available on IEEE Xplore
(http://ieeexplore.ieee.org/document/7414047/) arXiv admin note: substantial
text overlap with arXiv:1611.0305
Applications of Machine Learning to Threat Intelligence, Intrusion Detection and Malware
Artificial Intelligence (AI) and Machine Learning (ML) are emerging technologies with applications to many fields. This paper is a survey of use cases of ML for threat intelligence, intrusion detection, and malware analysis and detection. Threat intelligence, especially attack attribution, can benefit from the use of ML classification. False positives from rule-based intrusion detection systems can be reduced with the use of ML models. Malware analysis and classification can be made easier by developing ML frameworks to distill similarities between the malicious programs. Adversarial machine learning will also be discussed, because while ML can be used to solve problems or reduce analyst workload, it also introduces new attack surfaces
- …