Host based intrusion detection using machine learning

Robert Moskovitch, Shay Pluderman, Ido Gus, Dima Stopel, Clint Feher, Yisrael Parmet, Yuval Shahar, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

19 Scopus citations


Detecting unknown malicious code (malcode) is a challenging task Current common solutions, such as anti-virus tools, rely heavily on prior explicit knowledge of specific instances of malcode binary code signatures. During the time between its appearance and an update being sent to anti-virus tools, a new worm can infect many computers and cause significant damage. We present a new host-based intrusion detection approach, based on analyzing the behavior of the computer to detect the presence of unknown malicious code. The new approach consists on classification algorithms that learn from previous known malcode samples which enable the detection of an unknown malcode. We performed several experiments to evaluate our approach, focusing on computer worms being activated on several computer configurations while running several programs in order to simulate background activity. We collected 323 features in order to measure the computer behavior. Four classification algorithms were applied on several feature subsets. The average detection accuracy that we achieved was above 90% and for specific unknown worms even above 99%.

Original languageEnglish
Title of host publicationISI 2007
Subtitle of host publication2007 IEEE Intelligence and Security Informatics
PublisherIEEE Computer Society
Number of pages8
ISBN (Print)1424413303, 9781424413300
StatePublished - 1 Jan 2007
EventISI 2007: 2007 IEEE Intelligence and Security Informatics - New Brunswick, NJ, United States
Duration: 23 May 200724 May 2007

Publication series

NameISI 2007: 2007 IEEE Intelligence and Security Informatics


ConferenceISI 2007: 2007 IEEE Intelligence and Security Informatics
Country/TerritoryUnited States
CityNew Brunswick, NJ


  • Component
  • Malicious code detection
  • Worms

ASJC Scopus subject areas

  • Computer Science (all)
  • Control and Systems Engineering


Dive into the research topics of 'Host based intrusion detection using machine learning'. Together they form a unique fingerprint.

Cite this