TY - GEN
T1 - Efficient Host Intrusion Detection using Hyperdimensional Computing
AU - Nam, Yujin
AU - King, Rachel
AU - Burke, Quinn
AU - Zhou, Minxuan
AU - McDaniel, Patrick
AU - Rosing, Tajana
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Modern host-based intrusion detection systems (HIDS) rely on querying provenance graphs - graph representations of activity history on a system - to detect and respond to security threats present on a system. However, as the complexity and number of applications running on a system increase, the size of provenance graphs also increases, and thus the latency to query them. State-of-the-art designs deliver query latencies that are impractical for modern threat detection. In this paper, we introduce a hyper-dimensional computing (HDC) approach to querying provenance graphs for HIDS. By encoding provenance graphs and attack patterns/signatures into hyper-dimensional vectors, we can implement a query engine using simple vector operations. Our approach is hardware accelerator compatible, providing further speedups under resource-constrained environments. Our evaluation on a real-world dataset shows that our approach achieves > 90% detection accuracy and up to 4,242× speedups over the state-of-the-art. This shows that HDC-based approaches can effectively deal with scaling issues in modern HIDS.
AB - Modern host-based intrusion detection systems (HIDS) rely on querying provenance graphs - graph representations of activity history on a system - to detect and respond to security threats present on a system. However, as the complexity and number of applications running on a system increase, the size of provenance graphs also increases, and thus the latency to query them. State-of-the-art designs deliver query latencies that are impractical for modern threat detection. In this paper, we introduce a hyper-dimensional computing (HDC) approach to querying provenance graphs for HIDS. By encoding provenance graphs and attack patterns/signatures into hyper-dimensional vectors, we can implement a query engine using simple vector operations. Our approach is hardware accelerator compatible, providing further speedups under resource-constrained environments. Our evaluation on a real-world dataset shows that our approach achieves > 90% detection accuracy and up to 4,242× speedups over the state-of-the-art. This shows that HDC-based approaches can effectively deal with scaling issues in modern HIDS.
UR - http://www.scopus.com/inward/record.url?scp=85218047923&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85218047923&partnerID=8YFLogxK
U2 - 10.1109/BigData62323.2024.10825247
DO - 10.1109/BigData62323.2024.10825247
M3 - Conference contribution
AN - SCOPUS:85218047923
T3 - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024
SP - 2645
EP - 2652
BT - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024
A2 - Ding, Wei
A2 - Lu, Chang-Tien
A2 - Wang, Fusheng
A2 - Di, Liping
A2 - Wu, Kesheng
A2 - Huan, Jun
A2 - Nambiar, Raghu
A2 - Li, Jundong
A2 - Ilievski, Filip
A2 - Baeza-Yates, Ricardo
A2 - Hu, Xiaohua
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 IEEE International Conference on Big Data, BigData 2024
Y2 - 15 December 2024 through 18 December 2024
ER -