基于主机的入侵检测系统的词嵌入特征提取技术评价。

Paul K Mvula, Paula Branco, Guy-Vincent Jourdan, Herna L Viktor
{"title":"基于主机的入侵检测系统的词嵌入特征提取技术评价。","authors":"Paul K Mvula,&nbsp;Paula Branco,&nbsp;Guy-Vincent Jourdan,&nbsp;Herna L Viktor","doi":"10.1007/s44248-023-00002-y","DOIUrl":null,"url":null,"abstract":"<p><p>Research into Intrusion and Anomaly Detectors at the Host level typically pays much attention to extracting attributes from system call traces. These include window-based, Hidden Markov Models, and sequence-model-based attributes. Recently, several works have been focusing on sequence-model-based feature extractors, specifically Word2Vec and GloVe, to extract embeddings from the system call traces due to their ability to capture semantic relationships among system calls. However, due to the nature of the data, these extractors introduce inconsistencies in the extracted features, causing the Machine Learning models built on them to yield inaccurate and potentially misleading results. In this paper, we first highlight the research challenges posed by these extractors. Then, we conduct experiments with new feature sets assessing their suitability to address the detected issues. Our experiments show that Word2Vec is prone to introducing more duplicated samples than GloVe. Regarding the solutions proposed, we found that concatenating the embedding vectors generated by Word2Vec and GloVe yields the overall best balanced accuracy. In addition to resolving the challenge of data leakage, this approach enables an improvement in performance relative to other alternatives.</p>","PeriodicalId":72824,"journal":{"name":"Discover data","volume":"1 1","pages":"2"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10077957/pdf/","citationCount":"2","resultStr":"{\"title\":\"Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems.\",\"authors\":\"Paul K Mvula,&nbsp;Paula Branco,&nbsp;Guy-Vincent Jourdan,&nbsp;Herna L Viktor\",\"doi\":\"10.1007/s44248-023-00002-y\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><p>Research into Intrusion and Anomaly Detectors at the Host level typically pays much attention to extracting attributes from system call traces. These include window-based, Hidden Markov Models, and sequence-model-based attributes. Recently, several works have been focusing on sequence-model-based feature extractors, specifically Word2Vec and GloVe, to extract embeddings from the system call traces due to their ability to capture semantic relationships among system calls. However, due to the nature of the data, these extractors introduce inconsistencies in the extracted features, causing the Machine Learning models built on them to yield inaccurate and potentially misleading results. In this paper, we first highlight the research challenges posed by these extractors. Then, we conduct experiments with new feature sets assessing their suitability to address the detected issues. Our experiments show that Word2Vec is prone to introducing more duplicated samples than GloVe. Regarding the solutions proposed, we found that concatenating the embedding vectors generated by Word2Vec and GloVe yields the overall best balanced accuracy. In addition to resolving the challenge of data leakage, this approach enables an improvement in performance relative to other alternatives.</p>\",\"PeriodicalId\":72824,\"journal\":{\"name\":\"Discover data\",\"volume\":\"1 1\",\"pages\":\"2\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10077957/pdf/\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Discover data\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1007/s44248-023-00002-y\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Discover data","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s44248-023-00002-y","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

摘要

主机级入侵和异常检测器的研究通常侧重于从系统调用跟踪中提取属性。这些包括基于窗口的、隐马尔可夫模型和基于序列模型的属性。最近,一些工作集中在基于序列模型的特征提取器上,特别是Word2Vec和GloVe,由于它们能够捕获系统调用之间的语义关系,因此可以从系统调用跟踪中提取嵌入。然而,由于数据的性质,这些提取器在提取的特征中引入了不一致性,导致建立在它们之上的机器学习模型产生不准确和潜在的误导性结果。在本文中,我们首先强调了这些提取器带来的研究挑战。然后,我们用新特征集进行实验,评估它们解决检测到的问题的适用性。我们的实验表明,Word2Vec比GloVe更容易引入更多的重复样本。对于所提出的解决方案,我们发现连接由Word2Vec和GloVe生成的嵌入向量可以产生最佳的总体平衡精度。除了解决数据泄漏的问题外,这种方法还可以提高相对于其他替代方案的性能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

摘要图片

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Evaluating Word Embedding Feature Extraction Techniques for Host-Based Intrusion Detection Systems.

Research into Intrusion and Anomaly Detectors at the Host level typically pays much attention to extracting attributes from system call traces. These include window-based, Hidden Markov Models, and sequence-model-based attributes. Recently, several works have been focusing on sequence-model-based feature extractors, specifically Word2Vec and GloVe, to extract embeddings from the system call traces due to their ability to capture semantic relationships among system calls. However, due to the nature of the data, these extractors introduce inconsistencies in the extracted features, causing the Machine Learning models built on them to yield inaccurate and potentially misleading results. In this paper, we first highlight the research challenges posed by these extractors. Then, we conduct experiments with new feature sets assessing their suitability to address the detected issues. Our experiments show that Word2Vec is prone to introducing more duplicated samples than GloVe. Regarding the solutions proposed, we found that concatenating the embedding vectors generated by Word2Vec and GloVe yields the overall best balanced accuracy. In addition to resolving the challenge of data leakage, this approach enables an improvement in performance relative to other alternatives.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
The measurement errors of google trends data Benchmarking of Secure Group Communication schemes with focus on IoT TFPsocialmedia: a public dataset for studying Turkish foreign policy Data sharing and exchanging with incentive and optimization: a survey Canadian agriculture technology adoption
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1