
    Ensemble Learning for Low-Level Hardware-Supported Malware Detection

    Abstract. Recent work demonstrated hardware-based online malware detection using only low-level features. This detector is envisioned as a first line of defense that prioritizes the application of more expensive and more accurate software detectors. Critical to such a framework is the detection performance of the hardware detector. In this paper, we explore the use of both specialized detectors and ensemble learning techniques to improve performance of the hardware detector. The proposed detectors reduce the false positive rate by more than half compared to a single detector, while increasing the detection rate. We also contribute approximate metrics to quantify the detection overhead, and show that the proposed detectors achieve more than 11x reduction in overhead compared to a software only detector (1.87x compared to prior work), while improving detection time. Finally, we characterize the hardware complexity by extending an open core and synthesizing it on an FPGA platform, showing that the overhead is minimal.

    Research on the System Model of Network Intrusion Detection


    Intrusion Detection Systems Using Decision Trees and Support Vector Machines

    Security of computers and the networks that connect them is increasingly becoming of great significance. Intrusion detection is a mechanism of providing security to computer networks. Although there are some existing mechanisms for intrusion detection, there is a need to improve the performance. Data mining techniques are a new approach for intrusion detection. In this paper we investigate and evaluate the decision tree data mining technique as an intrusion detection mechanism and we compare it with Support Vector Machines (SVM). Intrusion detection with decision trees and SVM was tested with the benchmark 1998 DARPA Intrusion Detection data set. Our research shows that decision trees give better overall performance than the SVM.

    Modeling intrusion detection system using hybrid intelligent systems

    The process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions is known as intrusion detection. This paper presents two hybrid approaches for modeling an intrusion detection system (IDS). Decision trees (DT) and support vector machines (SVM) are combined as a hierarchical hybrid intelligent system model (DT–SVM) and as an ensemble approach combining the base classifiers. The hybrid intrusion detection model combines the individual base classifiers and other hybrid machine learning paradigms to maximize detection accuracy and minimize computational complexity. Empirical results illustrate that the proposed hybrid systems provide more accurate intrusion detection systems.

    Anomaly based intrusion detection through temporal classification

    Many machine learning techniques have been used to classify anomaly-based network intrusion data, ranging from single classifiers to hybrid or ensemble classifiers. A nonlinear temporal data classification is proposed in this work, namely Temporal-J48, where the historical connection records are used to classify the attack or predict the unseen attack. With its tree-based architecture, the implementation is relatively simple. The classification information is readable through the generated temporal rules. The proposed classifier is tested on the 1999 KDD Cup Intrusion Detection dataset from the UCI Machine Learning Repository. Promising results are reported for denial-of-service (DoS) and probing attack types.