Abstract
To advance research on system-call-based host intrusion detection systems (HIDS), we present LID-DS 2021: a recording framework, a dataset for comparative analysis, and a library for evaluating HIDS algorithms.
Notes
1. https://github.com/DjPasco/AWSCTD - date accessed: October 17, 2022.
2. A list of the LID-DS-2021 scenarios, including their description, their classification as simple or multi-step, and their source code, can be found at https://github.com/LID-DS/LID-DS/wiki/Scenarios.
3. Common Vulnerabilities and Exposures (CVE): a reference method for publicly known information-security vulnerabilities and exposures. See: https://cve.mitre.org/.
4. Example code: https://github.com/LID-DS/LID-DS/wiki/ids_example.
5.
Acknowledgement
This work was supported by the German Federal Ministry of Education and Research (BMBF, 01IS18026B) through funding of the competence center for Big Data and AI "ScaDS.AI" Dresden/Leipzig.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Grimmer, M. et al. (2023). Dataset Report: LID-DS 2021. In: Hämmerli, B., Helmbrecht, U., Hommel, W., Kunczik, L., Pickl, S. (eds) Critical Information Infrastructures Security. CRITIS 2022. Lecture Notes in Computer Science, vol 13723. Springer, Cham. https://doi.org/10.1007/978-3-031-35190-7_6
DOI: https://doi.org/10.1007/978-3-031-35190-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35189-1
Online ISBN: 978-3-031-35190-7
eBook Packages: Computer Science (R0)