Anomaly Detection Based on System Call Sequences with Integrated Attention Mechanism.
Saved in:
| Title: | Anomaly Detection Based on System Call Sequences with Integrated Attention Mechanism. |
|---|---|
| Authors: | Zhao, An1 1326718607@qq.com, Xu, Shuhua2 2662791882@qq.com, Liu, Zihao3 13707636591@163.com, Ding, Mingyu4 1328602214@qq.com |
| Source: | IAENG International Journal of Computer Science. May2026, Vol. 53 Issue 5, p1706-1715. 10p. |
| Subjects: | Anomaly detection (Computer security), Intrusion detection systems (Computer security), Deep learning, Internet security, Artificial neural networks |
| Abstract: | Traditional signature-based host intrusion detection systems are increasingly ineffective against advanced persistent threats and previously unseen attacks. System call sequence-based anomaly detection mitigates this limitation by modeling normal behavior; however, existing deep-learning approaches often lack interpretability due to their black-box nature. To address this issue, this paper proposes an interpretable system call anomaly detection model based on a self-attention mechanism. Raw system call traces are embedded into semantic vectors and processed by a Transformer-based encoder to capture long-range dependencies. Anomaly classification is performed using attention-weighted sequence features, enabling the model to highlight system calls that are most indicative of malicious behavior. Experiments on the ADFA-WD dataset and a larger hybrid dataset demonstrate that the proposed method outperforms classical baselines, achieving approximately 5% improvement in recall and 3% improvement in F1-score over LSTM-based models. Moreover, attention visualization reveals that the model consistently emphasizes critical calls associated with privilege-escalation attacks, providing valuable interpretability for security analysts. These results indicate that self-attention enhances both detection performance and transparency in host-based intrusion detection. [ABSTRACT FROM AUTHOR] |
| Copyright of IAENG International Journal of Computer Science is the property of International Association of Engineers (IAENG) and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 193482027 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Anomaly Detection Based on System Call Sequences with Integrated Attention Mechanism. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Zhao%2C+An%22">Zhao, An</searchLink><relatesTo>1</relatesTo><i> 1326718607@qq.com</i><br /><searchLink fieldCode="AR" term="%22Xu%2C+Shuhua%22">Xu, Shuhua</searchLink><relatesTo>2</relatesTo><i> 2662791882@qq.com</i><br /><searchLink fieldCode="AR" term="%22Liu%2C+Zihao%22">Liu, Zihao</searchLink><relatesTo>3</relatesTo><i> 13707636591@163.com</i><br /><searchLink fieldCode="AR" term="%22Ding%2C+Mingyu%22">Ding, Mingyu</searchLink><relatesTo>4</relatesTo><i> 1328602214@qq.com</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22IAENG+International+Journal+of+Computer+Science%22">IAENG International Journal of Computer Science</searchLink>. May2026, Vol. 53 Issue 5, p1706-1715. 10p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Anomaly+detection+%28Computer+security%29%22">Anomaly detection (Computer security)</searchLink><br /><searchLink fieldCode="DE" term="%22Intrusion+detection+systems+%28Computer+security%29%22">Intrusion detection systems (Computer security)</searchLink><br /><searchLink fieldCode="DE" term="%22Deep+learning%22">Deep learning</searchLink><br /><searchLink fieldCode="DE" term="%22Internet+security%22">Internet security</searchLink><br /><searchLink fieldCode="DE" term="%22Artificial+neural+networks%22">Artificial neural networks</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Traditional signature-based host intrusion detection systems are increasingly ineffective against advanced persistent threats and previously unseen attacks. System call sequence-based anomaly detection mitigates this limitation by modeling normal behavior; however, existing deep-learning approaches often lack interpretability due to their black-box nature. To address this issue, this paper proposes an interpretable system call anomaly detection model based on a self-attention mechanism. Raw system call traces are embedded into semantic vectors and processed by a Transformer-based encoder to capture long-range dependencies. Anomaly classification is performed using attention-weighted sequence features, enabling the model to highlight system calls that are most indicative of malicious behavior. Experiments on the ADFA-WD dataset and a larger hybrid dataset demonstrate that the proposed method outperforms classical baselines, achieving approximately 5% improvement in recall and 3% improvement in F1-score over LSTM-based models. Moreover, attention visualization reveals that the model consistently emphasizes critical calls associated with privilege-escalation attacks, providing valuable interpretability for security analysts. These results indicate that self-attention enhances both detection performance and transparency in host-based intrusion detection. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of IAENG International Journal of Computer Science is the property of International Association of Engineers (IAENG) and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=193482027 |
| RecordInfo | BibRecord: BibEntity: Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 10 StartPage: 1706 Subjects: – SubjectFull: Anomaly detection (Computer security) Type: general – SubjectFull: Intrusion detection systems (Computer security) Type: general – SubjectFull: Deep learning Type: general – SubjectFull: Internet security Type: general – SubjectFull: Artificial neural networks Type: general Titles: – TitleFull: Anomaly Detection Based on System Call Sequences with Integrated Attention Mechanism. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Zhao, An – PersonEntity: Name: NameFull: Xu, Shuhua – PersonEntity: Name: NameFull: Liu, Zihao – PersonEntity: Name: NameFull: Ding, Mingyu IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 05 Text: May2026 Type: published Y: 2026 Identifiers: – Type: issn-print Value: 1819656X Numbering: – Type: volume Value: 53 – Type: issue Value: 5 Titles: – TitleFull: IAENG International Journal of Computer Science Type: main |
| ResultId | 1 |