A Unified Host-based Intrusion Detection Framework Using Spark in Cloud

The host-based intrusion detection system (HIDS) is an essential research domain of cybersecurity. HIDS examines log data of hosts to identify intrusive behaviors. The detection efficiency is a significant factor of HIDS. Traditionally, HIDS is often installed with a standalone mode. Training detection engines with a large amount of data on a single physical computer with limited computing resources may be time-consuming. Therefore, this paper offers a unified HIDS framework based on Spark and deployed in the Google cloud. The framework includes a unified machine learning pipeline to implement scalable and efficient HIDS.