It is not foolproof for intrusion detection to focus only on the network level and the program level. Internal security and external security of information systems should be given equal attention. User-level intrusion detection can deter and curtail attackers from damaging information systems. Even if the mimic attacker has gained and enhanced the host user privileges that he illegally obtained. In this paper, a novel method based on recurrent neural networks (RNNs) is used to predict user command sequences and prophesy user behaviors. The experimental results show that our command sequence-to-sequence model is robust and effective for solving long sequential problem on three different data sets including Purdue University data set, SEA data set and self-collected data set.
PanJ.-S., KongL., SungT.-W., TsaiP.-W. and SnaselV., Alpha-Fraction First Strategy for Hierarchical Wireless Sensor Networks, Journal of Internet Technology19(6) (2018),1717–1726.
2.
PanJ.-S., LeeC.-Y., SghaierA., ZeghidM. and XieJ., Novel Systolization of Subquadratic Space Complexity Multipliers Based on Toeplitz Matrix–Vector Product Approach, IEEE Transactions on Very Large Scale Integration Systems27(7) (2019),1614–1622.
3.
WuT.-Y., ChenC.-M., WangK.-H., MengC. and WangE.K., A Provably Secure Certificateless Public Key Encryption with Keyword Search, Journal of the Chinese Institute of Engineers42(1) (2019),20–28.
4.
ChenC.-M., WangK.-H., YehK.-H., XiangB. and WuT.-Y., Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications, Journal of Ambient Intelligence and Humanized Computing10(8) (2019),3133–3142.
5.
ChenC.-M., XiangB., LiuY. and WangK.-H., A Secure Authentication Protocol for Internet of Vehicles, IEEE ACCESS7(1) (2019),12047–12057.
6.
WuJ.M.-T., LinJ.C.-W. and TamrakarA., High-Utility Itemset Mining with Effective Pruning Strategies, ACM Transactions on Knowledge Discovery from Data, https://doi.org/10.1145/3363571 (2019).
7.
LiX. and RobinH., Construction and analysis of hidden Markov model for piano notes recognition algorithm, Journal of Intelligent and Fuzzy Systems37(3) (2019),3293–3302.
8.
AhmedF. and DouZ., Big data analysis techniques for intelligent systems, Journal of Intelligent and Fuzzy Systems37(3) (2019),3067–3071.
9.
LaneT.D., Machine learning techniques for the computer security domain of anomaly detection, Purdue University (2001).
10.
MatthiasS., Computer intrusion: Detecting mas querades, Statistic Science16(1) (2001),58–74.
11.
YeN., ZhangY. and BorrorC.M., Robustness of the Mar kov-chain model for cyber-attack detection, IEEE. T. R eliab53(1) (2004),116–123.
12.
HuangL. and StampM., Masquerade detection using profile hidden Markov models, Computer Security30(8) (2011),732–747.
13.
BzhalavaZ., HultinE. and DillnerJ., Extension of the viral ecology in humans using viral profile hidden Markov models, Plos One13(1) (2018),1–12.
14.
VemparalaS., Di TroiaF., CorradoV.A., et al., Malware detetection using dynamic birthmarks, IWSPA (2016), 41–46.
15.
YuW., Wei-PingW. and DanM., Mining user cross-domain behavior patterns for insider threat detection, China Journal Computer39(8) (2016),1555–1569.
16.
HodgeV.J. and AustinJ., A survey of outlier detection methodologies, Artificial Intelligence Review22(2) (2013),85–126.
17.
GuptaM., GaoJ., AggarwalC., et al., Outlier detection for temporal data: A survey, IEEE Transactions on Knowledge and Data Engineering26(9) (2014),2250–2267.
18.
StolfoS.J., Ben SalemM. and HershkopS., Methods, systems, and media for masquerade attack detection by monitoring computer user behavior: US, US9311476, (2016).
19.
EmmottA.F., DasS. and DietterichT., et al., Systematic construction of anomaly detection benchmarks from real data. SIGKDD (2015), 16–21.
20.
TajerA., VeeravalliV.V. and PoorH.V., Outlying sequence detection in large data sets: A data-driven approach, IEEE Signal Proc Mag31(5) (2014),44–56.
21.
GargA., UpadhyayaS. and KwiatK., A user behavior monitoring and profiling scheme for masquerade detection, Handbook of Statistics31 (2013),353–379.
22.
Al-YaseenW.L., OthmanZ.A. and NazriM.Z.A., Hybrid modified K-Means with C4.5 for intrusion detection systems in multiagent systems, The Scientific World J2015(2) (2015),1–14.
23.
SahuS.K. and JenaS.K., A multiclass SVM classification approach for Intrusion detection, IDCS (2016)
24.
AbdullahA., PonnanR. and AsirvathamD., Improving multiclass classification in intrusion detection using clustered linear separator analytics, ISMS (2018), 32–37.
25.
SumaiyaT.I. and KumarA., Cherukuri, Intrusion detection model using fusion of chi-square feature selection and multi class SVM, JKSU-CIS29(4) (2016),1319–1578.
26.
ThaseenI.S. and KumarC.A., Intrusion detection model using fusion of PCA and optimized SVM. IC3I. 879–884 (2015).
27.
KimH.S. and ChaS.D., Empirical evaluation of SVM-based mas querade detection using UNIX commands, Comput Secur24(2) (2005),160–168.
28.
BerezinskiP., JasiulB. and SzpyrkaM., An entropy-based network anomaly detection method, Entropy17(4) (2015),2367–2408.
29.
KandaY., FontugneR., FukudaK., et al., ADMIRE: Anomaly detection method using entropy-based PCA with three-step sketches, Computer Communication36(5) (2013),575–588.
30.
YinM., YaoD., LuoJ., et al., Network backbone anomaly detection using double random forests based on non-extensive entropy feature extraction, ICNC (2014), 80–84.
31.
LiuD., LungC.H., SeddighN., et al., Entropy-based robust PCA for communication network anomaly detection, ICCC (2014), 171–175.
32.
WangW., GuyetT., QuiniouR., et al., Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks, Knowledge-Based System70 (2014),103–117.
33.
WangZ., YangJ. and LiF., An on-line anomaly detection method based on a new stationarymetric-entropy-ratio, IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (2014), 175–192.
34.
BerezińskiP., SzpyrkaM., JasiulB., et al., Network anomaly detection using parameterized entropy, CISIM (2014).
35.
GiotisK., ArgyropoulosC., AndroulidakisG., et al., Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments, Computer Networks62(5) (2014),122–136.
36.
DingM. and TianH., PCA-based network traffic anomaly detection, Tsinghua Science and Technology21(5) (2016),500–509.
37.
TangY., LiuZ., PanM., et al., Detection of magnetic anomaly signal based on information entropy of differential signal, IEEE Geosci Remote S (2018), 1–5.
38.
LecunY., BengioY. and HintonG., Deep learning, Nature521(7553) (2015),436.
39.
LecunY., JackelL.D., BoserB., et al., Handwritten digit recognition:, Applications of neural network chips and automatic learning27(11), 1989.
40.
RumelhartD.E., HintonG.E. and WilliamsR.J., Learning representations by back-propagating errors, Nature323(3) (1986),533–536.
41.
HintonG.E., OsinderoS. and TehY.W., A fast learning algorithm for deep belief nets, Neural Computation18(7) (2006),1527–1554.
42.
HintonG.E. and McClellandJ.L., Learning representations by recirculation, Proceeding of the 1st Int Conference on Neural Information Systems, Cambridge, MA: MIT Press (1987), 358–366.
43.
DahlG.E., StokesJ.W., DengL. and YuD., Large-scale malware classification using random projections and neural networks, 2013 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (2013).
44.
PascanuR., StokesJ.W., SanossianH., MarinescuM. and ThomasA., Malware classificationwith recurrent networks, IEEE International Conference on Acoustics (2015).
45.
JozefowiczR., ZarembaW. and SutskeverI., An Empirical Exploration of Recurrent Network Architectures, International Conference on International Conference on Machine Learning (2015).
46.
RhodeM., BurnapP. and JonesK., Early-Stage Malware Prediction Using Recurrent Neural Networks, Computers & Security77 (2018).
47.
KimH.S. and ChaS.D., Empirical evaluation of SVM-based masquerade detection using UNIX commands, Computer Security24(2) (2005),160–168.
48.
DebarH., BeckerM. and SiboniD., A Neural Network Component for an Intrusion Detection System, IEEE Symposium on Security & Privacy (1992).
49.
NixR. and JianZ., Classification of Android apps and malware using deep neural networks, International Joint Conference on Neural Networks (2017).
50.
ZaheerM., TristanJ.B., WickM.L., et al., Learning a static analyzer: A case study on a toy language [EB/OL]. (2016).
51.
GodefroidP., PelegH. and SinghR., Learn&fuzz: Machine learning for input fuzzing (2017).
52.
MelicherW., UrB., SegretiS.M., et al., Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks, Journal of Networks8(6) (2016),175–191.
53.
HuW. and TanY., Black-box attacks against RNN based mal-ware detection algorithms (2017).
54.
RosenbergI., ShabtaiA., RokachL. and EloviciY., Generic black-box end-to-end attack against state of the art API call based malware classifiers (2017).
55.
GrosseK., PapernotN., ManoharanP., BackesM. and McdanielP., Adversarial perturbations against deep neural networks for malware classification. (2016).
56.
PapernotN., McdanielP., SinhaA. and WellmanM., Towards the science of security and privacy in machine learning (2016).
57.
AthiwaratkunB. and StokesJ.W., Malware classification with LSTM and GRU language models and a character-level CNN, IEEE International Conference on Acoustics (2017).
