TITLE:
Evaluation of Modified Vector Space Representation Using ADFA-LD and ADFA-WD Datasets
AUTHORS:
Bhavesh Borisaniya, Dhiren Patel
KEYWORDS:
System Call Trace, Vector Space Model, Modified Vector Space Representation, ADFA-LD, ADFA-WD
JOURNAL NAME:
Journal of Information Security, Vol.6 No.3, July 28, 2015
ABSTRACT: Predicting anomalous behaviour of a running process using system call traces is a common practice in the security community, and it is still an active research area. It is a typical pattern recognition problem and can be addressed with machine learning algorithms. Standard system call datasets were employed to train these algorithms. However, advancements in operating systems made these datasets outdated and irrelevant. Australian Defence Force Academy Linux Dataset (ADFA-LD) and Australian Defence Force Academy Windows Dataset (ADFA-WD) are new-generation system call datasets that contain labelled system call traces for modern exploits and attacks on various applications. In this paper, we evaluate the performance of the Modified Vector Space Representation technique on the ADFA-LD and ADFA-WD datasets using various classification algorithms. Our experimental results show that our method performs well and helps accurately distinguish process behaviour through system calls.