Bidirectional LSTM autoencoder for sequence based anomaly detection in cyber security.

Abstract

Cyber-security is concerned with protecting information, a vital asset in today’s world. The volume of data that is generated can be usefully analyzed when cyber-security systems are effectively implemented with the aid of software support. Our approach is to determine normal behavior of a system based on sequences of system call traces made by the kernel processes in the system. This paper describes a robust and computationally efficient anomaly based host based intrusion detection system using an Encoder-Decoder mechanism. Using CuDNNLSTM networks, it is possible to obtain a set of comparable results with reduced training times. The Bidirectional Encoder and a unidirectional Decoder is trained on normal call sequences in the ADFA-LD dataset. Intrusion Detection is evaluated based on determining the probability of a sequence being reconstructed by the model