Natural Language Processing with machine learning for anomaly detection on system call logs
- Authors: Goosen, Christo
- Date: 2023-10-13
- Subjects: Uncatalogued
- Language: English
- Type: Academic theses , Master's theses , text
- Identifier: http://hdl.handle.net/10962/424699 , vital:72176
- Description: Host intrusion detection systems and machine learning have been studied for many years especially on datasets like KDD99. Current research and systems are focused on low training and processing complex problems such as system call returns, which lack the system call arguments and potential traces of exploits run against a system. With respect to malware and vulnerabilities, signatures are relied upon, and the potential for natural language processing of the resulting logs and system call traces needs further experimentation. This research looks at unstructured raw system call traces from x86_64 bit GNU Linux operating systems with natural language processing and supervised and unsupervised machine learning techniques to identify current and unseen threats. The research explores whether these tools are within the skill set of information security professionals, or require data science professionals. The research makes use of an academic and modern system call dataset from Leipzig University and applies two machine learning models based on decision trees. Random Forest as the supervised algorithm is compared to the unsupervised Isolation Forest algorithm for this research, with each experiment repeated after hyper-parameter tuning. The research finds conclusive evidence that the Isolation Forest Tree algorithm is effective, when paired with a Principal Component Analysis, in identifying anomalies in the modern Leipzig Intrusion Detection Data Set (LID-DS) dataset combined with samples of executed malware from the Virus Total Academic dataset. The base or default model parameters produce sub-optimal results, whereas using a hyper-parameter tuning technique increases the accuracy to within promising levels for anomaly and potential zero day detection. , Thesis (MSc) -- Faculty of Science, Computer Science, 2023
- Full Text:
- Date Issued: 2023-10-13
- Authors: Goosen, Christo
- Date: 2023-10-13
- Subjects: Uncatalogued
- Language: English
- Type: Academic theses , Master's theses , text
- Identifier: http://hdl.handle.net/10962/424699 , vital:72176
- Description: Host intrusion detection systems and machine learning have been studied for many years especially on datasets like KDD99. Current research and systems are focused on low training and processing complex problems such as system call returns, which lack the system call arguments and potential traces of exploits run against a system. With respect to malware and vulnerabilities, signatures are relied upon, and the potential for natural language processing of the resulting logs and system call traces needs further experimentation. This research looks at unstructured raw system call traces from x86_64 bit GNU Linux operating systems with natural language processing and supervised and unsupervised machine learning techniques to identify current and unseen threats. The research explores whether these tools are within the skill set of information security professionals, or require data science professionals. The research makes use of an academic and modern system call dataset from Leipzig University and applies two machine learning models based on decision trees. Random Forest as the supervised algorithm is compared to the unsupervised Isolation Forest algorithm for this research, with each experiment repeated after hyper-parameter tuning. The research finds conclusive evidence that the Isolation Forest Tree algorithm is effective, when paired with a Principal Component Analysis, in identifying anomalies in the modern Leipzig Intrusion Detection Data Set (LID-DS) dataset combined with samples of executed malware from the Virus Total Academic dataset. The base or default model parameters produce sub-optimal results, whereas using a hyper-parameter tuning technique increases the accuracy to within promising levels for anomaly and potential zero day detection. , Thesis (MSc) -- Faculty of Science, Computer Science, 2023
- Full Text:
- Date Issued: 2023-10-13
The mathematical and pedagogical content knowledge that Namibian senior primary teachers draw on to develop their learners’ computational estimation
- Authors: Shigwedha, Emilia Ndilimeke
- Date: 2023-10-13
- Subjects: Uncatalogued
- Language: English
- Type: Academic theses , Master's theses , text
- Identifier: http://hdl.handle.net/10962/424108 , vital:72124
- Description: Computational estimation is important in the development of learners’ number sense. It is through the process of finding an approximate (but satisfactory) that learners can check the reasonableness of their answers to calculations, develop an understanding of place value and by implication the four number operations. It is the role of teachers to develop the computational estimation skills of learners. To do this, teachers need to have a sound knowledge of computational estimation, its value and how to teach it. This study thus seeks to explore and understand Namibian senior primary teachers’ mathematical and pedagogical content knowledge to develop their learners’ computation estimation knowledge. The research is guided by the following question: What mathematical and pedagogical content knowledge do senior primary mathematics teachers draw on to develop their learners’ computational estimation skills? The research is a qualitative interpretivist case study. Eight senior primary teachers of Mathematics from the Ohangwena region in Namibia participated in the study. Data was generated through questionnaires, a focus group interview and lesson observations. The Mathematics Knowledge for Teaching (Ball et al., 2008) and the Knowledge Quartet (Rowland, 2005) frameworks were used as both analytic and explanatory tools for the study. Key findings from the research are that teachers have knowledge of and use a variety of strategies for estimation, however, they only use the ‘rounding off’ strategy when teaching learners computational estimation. The teachers appear to teach computational estimation by first focusing on place value before moving on to ‘rounding off’ to the nearest 10s, 100s, 1000s and so forth. My research recommends that the National Institute of Educational Development together with the Ministry of Education, Art and Culture in Namibia, provide teachers with professional development opportunities on how to develop learners’ computational estimation. Such professional development will further develop teachers’ mathematical and pedagogical content knowledge. Furthermore, the Namibian syllabus should include a variety of strategies for computational estimation. , Thesis (MEd) -- Faculty of Education, Primary and Early Childhood Education, 2023
- Full Text:
- Date Issued: 2023-10-13
- Authors: Shigwedha, Emilia Ndilimeke
- Date: 2023-10-13
- Subjects: Uncatalogued
- Language: English
- Type: Academic theses , Master's theses , text
- Identifier: http://hdl.handle.net/10962/424108 , vital:72124
- Description: Computational estimation is important in the development of learners’ number sense. It is through the process of finding an approximate (but satisfactory) that learners can check the reasonableness of their answers to calculations, develop an understanding of place value and by implication the four number operations. It is the role of teachers to develop the computational estimation skills of learners. To do this, teachers need to have a sound knowledge of computational estimation, its value and how to teach it. This study thus seeks to explore and understand Namibian senior primary teachers’ mathematical and pedagogical content knowledge to develop their learners’ computation estimation knowledge. The research is guided by the following question: What mathematical and pedagogical content knowledge do senior primary mathematics teachers draw on to develop their learners’ computational estimation skills? The research is a qualitative interpretivist case study. Eight senior primary teachers of Mathematics from the Ohangwena region in Namibia participated in the study. Data was generated through questionnaires, a focus group interview and lesson observations. The Mathematics Knowledge for Teaching (Ball et al., 2008) and the Knowledge Quartet (Rowland, 2005) frameworks were used as both analytic and explanatory tools for the study. Key findings from the research are that teachers have knowledge of and use a variety of strategies for estimation, however, they only use the ‘rounding off’ strategy when teaching learners computational estimation. The teachers appear to teach computational estimation by first focusing on place value before moving on to ‘rounding off’ to the nearest 10s, 100s, 1000s and so forth. My research recommends that the National Institute of Educational Development together with the Ministry of Education, Art and Culture in Namibia, provide teachers with professional development opportunities on how to develop learners’ computational estimation. Such professional development will further develop teachers’ mathematical and pedagogical content knowledge. Furthermore, the Namibian syllabus should include a variety of strategies for computational estimation. , Thesis (MEd) -- Faculty of Education, Primary and Early Childhood Education, 2023
- Full Text:
- Date Issued: 2023-10-13
- «
- ‹
- 1
- ›
- »