With the growth of research around system call-based host-based Intrusion Detection Systems (IDS), some publications have made it possible to better synthesize advances using techniques derived from language processing or having been carried out on the same dataset. However, no study provides a rigorous comparison of detection performances of such methods nor their induced overhead on devices, which is nevertheless crucial for assessing their applicability to real-life targets. To address this gap and complete existing surveys, we systematically analyzed nearly 400 publications from the literature to reproduce 11 state-of-the-art methods representing the diversity of system call-based intrusion detection approaches from 1996 to 2025, offering an experimental comparison of the performance of these IDS with the same datasets for training and evaluation, and the same evaluation criteria. This work highlighted the high relevance of system call analysis for intrusion detection since it offers promising results, but a lack of maturity regarding their applicability as is, due to the high rate of false alarms returned by models and the impact on devices performance that is little considered by researchers.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

An Empirical Evaluation of Intrusion Detection Systems Based on System Calls

  • Lalie Arnoud,
  • Victor Breux,
  • Pierre-Henri Thevenon,
  • Eric Gaussier

摘要

With the growth of research around system call-based host-based Intrusion Detection Systems (IDS), some publications have made it possible to better synthesize advances using techniques derived from language processing or having been carried out on the same dataset. However, no study provides a rigorous comparison of detection performances of such methods nor their induced overhead on devices, which is nevertheless crucial for assessing their applicability to real-life targets. To address this gap and complete existing surveys, we systematically analyzed nearly 400 publications from the literature to reproduce 11 state-of-the-art methods representing the diversity of system call-based intrusion detection approaches from 1996 to 2025, offering an experimental comparison of the performance of these IDS with the same datasets for training and evaluation, and the same evaluation criteria. This work highlighted the high relevance of system call analysis for intrusion detection since it offers promising results, but a lack of maturity regarding their applicability as is, due to the high rate of false alarms returned by models and the impact on devices performance that is little considered by researchers.