A Host-Based Anomaly Detection Framework Using XGBoost and LSTM for IoT Devices

<table class="table-group" id="tab1"><tr><td><table class="table"><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr class="thead"><td class="align_left">No.</td><td class="align_center">Class name</td><td class="align_center">State</td><td class="align_center">Notes</td></tr><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr><td class="align_left">1</td><td class="align_center">Class 0</td><td class="align_center">Normal state</td><td class="align_center">Syscall sequence data in normal state</td></tr><tr><td class="align_left">2</td><td class="align_center">Class 1</td><td class="align_center">Vulnerability exploiting</td><td class="align_center">Syscall sequence data in CVE-2016-5195</td></tr><tr><td class="align_left">3</td><td class="align_center">Class 2</td><td class="align_center">Malware infection</td><td class="align_center">Syscall sequence data in BASHLITE malware</td></tr><tr><td class="align_left">4</td><td class="align_center">Class 3</td><td class="align_center">Abnormal operation</td><td class="align_center">Syscall sequence data in user add operation</td></tr><tr><td class="align_left">5</td><td class="align_center">Class 4</td><td class="align_center">Memory leak</td><td class="align_center">Syscall sequence data in RTSP memory leak</td></tr><tr class="table-tr"><td colspan="4"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Five classes of collected system call sequence dataset.</div>

Wireless Communications and Mobile Computing

tab1

Table 1

Table 1: A Host-Based Anomaly Detection Framework Using XGBoost and LSTM for IoT Devices 