Anomaly-Based Intrusion Detection Using Classification Models: An Analysis of System Call Traces

dc.contributor.advisor: Bérczes, Tamás
dc.contributor.author: Gaskel, Gregory
dc.contributor.department: DE--Természettudományi és Technológiai Kar--Matematikai Intézet
dc.date.accessioned: 2023-04-28T09:06:06Z
dc.date.available: 2023-04-28T09:06:06Z
dc.date.created: 2023-04-28
dc.description.abstract: In this thesis, we apply classification models to anomaly-based intrusion detection using system call traces. Several feature extraction techniques commonly used for vectorizing system call traces are examined, including the Boolean Model, Simple Vector Space Model, Traditional N-Gram Vector Space Model, and the N-Gram TF-IDF Model. We then propose a novel variable-length feature extraction framework based on the N-Gram TF-IDF Model, in which n-gram terms of various lengths are included in the feature set. We evaluate the performance of each feature extraction approach on the Australian Defence Force Academy Linux Dataset (ADFA-LD) using three classification models: linear discriminant analysis, random forest classification, and logistic regression. By computing performance metrics, including accuracy, precision, recall, F-measure, false positive rate, and area under the curve (AUC), we obtain insight into the trade-off between model complexity and performance.
dc.description.corrector: LB
dc.description.course: Applied Mathematics
dc.description.degree: MSc/MA
dc.format.extent: 38
dc.identifier.uri: https://hdl.handle.net/2437/351195
dc.language.iso: en
dc.rights.access: Accessible pursuant to the December 2022 amendment of the Hungarian higher education act.
dc.subject: cybersecurity
dc.subject: system call traces
dc.subject: intrusion detection
dc.subject: classification models
dc.subject.dspace: DEENK Topic List::Mathematics
dc.title: Anomaly-Based Intrusion Detection Using Classification Models: An Analysis of System Call Traces