TY - JOUR
AU - 
AB - Host-based Intrusion Detection System (HIDS) is an e ective last line of defense for defending against cyber security attacks after perimeter defenses (e.g., Network-based Intrusion Detection System and Firewall) have failed or been bypassed. HIDS is widely adopted in the industry as HIDS is ranked among the top two most used security tools by Security Operation Centers (SOC) of organizations. Although e ective and ecient HIDS is highly desirable for industrial organizations, the evolution of increasingly complex attack patterns causes several challenges resulting in performance degradation of HIDS (e.g., high false alert rate creating alert fatigue for SOC sta ). Since Natural Language Processing (NLP) methods are better suited for identifying complex attack patterns, an increasing number of HIDS are leveraging the advances in NLP that have shown e ective and ecient performance in precisely detecting low footprint, zero-day attacks and predicting an attacker’s next steps. This active research trend of using NLP in HIDS demands a synthesized and comprehensive body of knowledge of NLP-based HIDS. Thus, we conducted a systematic review of the literature on the end-to-end pipeline of the use of NLP in HIDS development. For the end-to-end NLP-based HIDS development pipeline, we identify, taxonomically categorize and 
TI - NLP methods in host-based intrusion detection systems: A systematic review and future directions
JF - Journal of Network and Computer Applications
DO - 10.1016/j.jnca.2023.103761
DA - 2023-11-01
UR - https://www.deepdyve.com/lp/unpaywall/nlp-methods-in-host-based-intrusion-detection-systems-a-systematic-RlluleEMvJ
DP - DeepDyve
ER -