Researchers have investigated the generalizability of Host Intrusion Detection Systems (HIDS) that utilize syscall traces. The study empirically tested whether anomaly detectors trained on known Common Vulnerabilities and Exposures (CVEs) sharing a Common Weakness Enumeration (CWE) class could identify new, unseen CVEs within the same class. Findings indicate that while CWE-level generalization is achievable for certain weakness families using current syscall features, it is not universally effective and can be direction-dependent. The research also highlights the importance of calibrated false positive rates for reliable reporting in this domain.
Impact: This research could lead to more robust intrusion detection systems capable of identifying novel threats based on known weakness categories.
Rank reason: Academic paper detailing a new methodology for HIDS generalisation.
- Common Weakness Enumeration
- CWE-307
- CWE-434
- CWE-89
- Isolation forest
- LID-DS-2021
- Peng Guo
- SGD One-Class SVM
AI-generated summary · Google Gemini · from 1 source.