Comparative Analysis of LSTM, One-Class SVM, and PCA to Monitor Real-Time Malware Threats Using System Call Sequences and Virtual Machine Introspection
Book Chapter
Soni, J., Peddoju, S. K., Prabakar, N., et al. (2021). Comparative Analysis of LSTM, One-Class SVM, and PCA to Monitor Real-Time Malware Threats Using System Call Sequences and Virtual Machine Introspection. LNEE 733, 113-127. DOI: 10.1007/978-981-33-4909-4_9
System call analysis is a behavior-oriented anomaly detection technique that is widely accepted because of its consistent performance. This study compares two popular algorithms, long short-term memory (LSTM) sequence-to-sequence (Seq-Seq) models and one-class support vector machines (OCSVM), for detecting anomalous system call sequences. The proposed framework monitors running processes, observed through virtual machine introspection, to recognize compromised virtual machines in hypervisor-based systems. The evaluation compares feature extraction strategies and anomaly detection algorithms by their detection accuracy and loss. Among the configurations tested, a bag-of-2-grams feature extraction strategy with PCA, combined with LSTM Seq-Seq over a sequence length of five, gives the highest detection accuracy, 97.2%.
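As an added illustration (not code from the chapter), the snippet below builds the bag-of-2-grams features over windows of five system calls that the abstract describes, then scores each window by the fraction of 2-grams never seen in benign training traces. That unseen-2-gram score is a stand-in for the chapter's PCA + OCSVM/LSTM models, and the traces are constructed, not captured data.

```python
from collections import Counter

# Constructed sample traces (not from the chapter): one syscall name per event.
BENIGN_TRACES = [
    ["open", "read", "read", "close", "mmap", "open", "read", "close"],
    ["mmap", "open", "read", "write", "close", "open", "read", "close"],
]
SUSPECT_TRACE = ["open", "ptrace", "mprotect", "ptrace", "write", "execve", "read"]

SEQ_LEN = 5  # window length reported as best-performing in the chapter


def windows(trace, n=SEQ_LEN):
    """Slide a fixed-length window over a system-call trace."""
    return [trace[i:i + n] for i in range(len(trace) - n + 1)]


def bigrams(window):
    """Adjacent system-call pairs (2-grams) inside one window."""
    return list(zip(window, window[1:]))


def build_vocab(traces):
    """Map every 2-gram observed in benign traces to a feature index."""
    seen = sorted({bg for t in traces for w in windows(t) for bg in bigrams(w)})
    return {bg: i for i, bg in enumerate(seen)}


def bag_of_2grams(window, vocab):
    """Count vector over the benign 2-gram vocabulary, plus the number of
    2-grams in the window that the vocabulary does not contain."""
    counts = Counter(bigrams(window))
    vec = [0] * len(vocab)
    unseen = 0
    for bg, c in counts.items():
        if bg in vocab:
            vec[vocab[bg]] += c
        else:
            unseen += c
    return vec, unseen


def anomaly_score(trace, vocab):
    """Stand-in scorer (assumption, not the chapter's model): the highest
    per-window fraction of 2-grams absent from the benign vocabulary."""
    ws = windows(trace)
    if not ws:
        return 0.0
    return max(bag_of_2grams(w, vocab)[1] / (SEQ_LEN - 1) for w in ws)
```

A real deployment would feed the count vectors through PCA and into OCSVM or an LSTM Seq-Seq model, as the chapter does; here the score only makes visible how unfamiliar call pairs surface within a five-call window.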