Document Details

Document Type : Thesis 
Document Title :
Enhanced Host-based Intrusion Detection System for Cloud Platform
(Arabic title, translated: The Enhanced Intrusion Detection System for Hosted Systems in Cloud Platforms)
 
Subject : Faculty of Computing and Information Technology 
Document Language : Arabic 
Abstract : To detect zero-day attacks in modern cloud platforms, several host-based intrusion detection systems have been proposed using the newly compiled ADFA-LD dataset. These techniques use the system call traces of the dataset to detect anomalies. The common limitations found in such systems include one or more of the following: a low detection rate, a high false alarm rate, and a long learning time that leads to an inflexible response to eventual changes in the normal profile. To overcome these limitations and achieve the best combination of high detection rate, low false alarm rate, and small learning time, we propose two host-based intrusion detection systems. The first system utilizes a novel algorithm to extract only the distinct short sequences of system calls per normal trace to create a normal profile; a companion classification algorithm is then used to detect anomalies. The second system employs frequency-based feature extraction from traces of system calls and uses semi-supervised anomaly detection techniques such as support vector machines, k-nearest neighbors, and k-furthest neighbors. We developed two prototypes in the Java language for both systems and compared their performance using the ADFA-LD dataset. The experimental results showed that the first system outperformed the second. To the best of our knowledge, the results obtained by the proposed first system are superior to all currently published systems in terms of computational cost and learning time. The obtained detection rate is also much higher than that of almost all compared systems and is very close to the highest reported result. In particular, the proposed short-sequence-based intrusion detection system provides the best combination of high detection rate and very small learning time. The developed prototype achieved a 90.48% detection rate, a 22.5% false alarm rate, and a learning time of about 30 seconds. This provides a high capability to detect zero-day attacks and also makes the system flexible enough to cope with environmental changes, since it can learn quickly and incrementally without the need to rebuild the whole classifier from scratch.
Supervisor : Prof. Mohamed Ashraf Madkour 
Thesis Type : Master Thesis 
Publishing Year : 1438 AH (2017 AD)
 
Added Date : Thursday, June 1, 2017 

Researchers

Researcher Name (Arabic) : يعقوب سيد عبدالله
Researcher Name (English) : Abdullah, Yaqoob Sayed
Researcher Type : Researcher
Dr Grade : Master
Email :

Files

File Name : 40835.pdf
Type : pdf
Description :
