Knight Foundation School of Computing and Information Sciences
Jayesh Soni is a Ph.D. candidate in the Knight Foundation School of Computing and Information Sciences (KF-SCIS) at Florida International University (FIU). He is currently working as a research assistant in the Cyber Threat Automation and Monitoring System (CTAM) Lab under the supervision of Dr. Nagarajan Prabakar. He received his M.Tech in Computer Science from Manipal University Jaipur (MUJ), India, in 2017 and his B.Tech in Computer Engineering from Gujarat Technological University (GTU), India, in 2014. His research interests span the fields of artificial intelligence and cybersecurity. He mentors in AI workforce development supported by the DoD. He has published one book chapter, several conference and journal papers, and posters.
In recent years, with the advancement of technology, cybersecurity has become a significant concern due to the large number of attacks on organizations' networks and systems. In such scenarios, Intrusion Detection Systems (IDSs) are a crucial requirement to safeguard an organization's digital assets. Failure to prevent intrusions could degrade the credibility of security services. Anomaly-based IDSs build models of applications' expected behavior by analyzing events generated during the applications' normal operation. Once these models have been established, subsequent events are analyzed to identify deviations, on the assumption that anomalies represent evidence of an attack. Host-based anomaly detection systems often rely on system call sequences to characterize the normal behavior of applications. Recently, it has been shown that these systems can be evaded by launching attacks that execute legitimate system call sequences.
In this proposed research, we plan to improve existing host-based anomaly detectors in three ways. First, we design an algorithm to dynamically determine the batch size for training deep learning (DL) models. Second, practical IDSs are imperfect and may produce false alarms even for normal system behavior. Since every alarm needs to be investigated for potential damage, many false alarms can increase operational costs significantly; we therefore propose a dynamic thresholding technique to reduce false alarms. Lastly, in reality, the anomalies in a dataset can be of various kinds and cannot all be detected by a single anomaly detection algorithm. Thus, we design an ensemble-based learning approach to achieve better and more robust solutions.
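The two ideas the abstract combines, a system-call-sequence model of normal behavior and a data-driven alarm threshold, as an added illustration that is not the author's code or method: a stide-style n-gram model is trained on constructed normal traces, each new trace is scored by the fraction of its windows never seen in training, and the alarm threshold is calibrated from held-out normal runs rather than fixed by hand, which is what removes the false alarm that a naive "any unseen window" rule would raise. The trace contents, the 3-gram window and the 95% quantile are assumptions for the example.

```python
# Constructed sample traces (not real data): one list of system call names per process run.
NORMAL_TRACES = [
    ["open", "read", "read", "close", "write", "close"],
    ["open", "read", "close", "open", "read", "write", "close"],
    ["open", "read", "read", "read", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "read", "close"],
]
# Held-out normal runs used only for threshold calibration (also constructed).
HOLDOUT_NORMAL = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],   # benign but contains one never-seen window
    ["open", "read", "close", "open", "read", "close"],
]
# Constructed trace whose system calls never appear together during normal operation.
SUSPECT_TRACE = ["open", "read", "execve", "socket", "connect", "write", "close"]


def windows(trace, n):
    """Sliding n-gram windows over a trace, e.g. (open, read, close)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train_model(traces, n=3):
    """Set of every n-gram observed during normal operation (stide-style model)."""
    model = set()
    for trace in traces:
        model.update(windows(trace, n))
    return model


def anomaly_score(model, trace, n=3):
    """Fraction of the trace's windows that were never seen in training (0.0 .. 1.0).
    A trace built only from already-seen windows scores 0.0, which is the evasion
    the abstract describes; this scorer alone cannot catch it."""
    seen = windows(trace, n)
    if not seen:
        return 0.0
    return sum(1 for w in seen if w not in model) / len(seen)


def calibrate_threshold(model, holdout_traces, n=3, quantile=0.95):
    """Dynamic threshold: the chosen quantile of scores on held-out normal runs, so roughly
    (1 - quantile) of normal behavior is flagged instead of whatever a fixed guess yields."""
    scores = sorted(anomaly_score(model, t, n) for t in holdout_traces)
    return scores[min(len(scores) - 1, int(quantile * len(scores)))]


def detect(model, trace, threshold, n=3):
    return anomaly_score(model, trace, n) > threshold


def count_false_alarms(model, normal_traces, threshold, n=3):
    """How many known-normal runs a given threshold would flag (analyst cost)."""
    return sum(1 for t in normal_traces if detect(model, t, threshold, n))
```

With the constructed data the naive threshold 0.0 flags one benign hold-out run while the calibrated threshold flags none, and the suspect trace scores 1.0 under both.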