Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Computer security is one of the main challenges of today's technological infrastructures, whereas intrusion detection systems are one of the most widely used technologies to secure computer systems. The intrusion detection systems use a variety of information sources, one of the most important sources are the applications' system calls. The intrusion detection systems use many different detection techniques, e.g. system calls sequences, text classification techniques and system calls graphs. However, existing techniques obtain poor results in the detection of complex attack patterns, so it is necessary to improve the detection results. This paper presents an intrusion detection system model that integrates multiple detection techniques into a single system with the goal of modeling the global behavior of the applications. In addition, the paper proposes a new modified system calls graph to integrate and represent the information of the different techniques in a single data structure. The system uses a deep neural network to combine the results of the different detection techniques used in the global model. The result of the study shows the improvement obtained in the detection results with respect to the use of individual techniques, the proposed model achieves higher detection rates and lower false positives. The proposal has been validated onto three datasets with different levels of complexity.