Agentless Host Intrusion Detection Using Machine Learning Techniques

Date

2023-04-12

Authors

Jianfeng, Liu

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

With the rise in the frequency and sophistication of cyberattacks, host intrusion detection systems (HIDSs) have become an essential component in monitoring and protecting endpoints in the network security perimeter. Current HIDSs rely on a local software agent deployed on the monitored host that collects and processes or pre-processes required data. However, this architecture has adverse effects such as increased attack surface, and high maintenance cost and overhead. Recently, a generic agentless endpoint framework that collects transparently raw data from the monitored host was proposed by Ghaleb et al [1] along with a basic threshold-based statistical model for intrusion detection as an initial proof of concept. This report extends the generic agentless framework by collecting a new dataset with more attack vectors and developing and comparing six machine learning models, including k-nearest neighbors, logistic regression, naïve Bayes, decision tree, random forest, and support vector machine. The experimental evaluation using the collected dataset confirmed the feasibility of agentless host intrusion detection, with increased detection efficiency and effectiveness.

Description

Keywords

Attack detection, Confusion matrix, Machine learning, Agentless, HIDS

Citation