{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T16:14:04Z","timestamp":1764692044342,"version":"3.46.0"},"reference-count":31,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2025,11,28]],"date-time":"2025-11-28T00:00:00Z","timestamp":1764288000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of Economic Development of the Russian Federation","award":["000000C313925P4G0002"],"award-info":[{"award-number":["000000C313925P4G0002"]}]},{"name":"Ivannikov Institute for System Programming of the Russian Academy of Sciences","award":["139-15-2025-011"],"award-info":[{"award-number":["139-15-2025-011"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["BDCC"],"abstract":"<jats:p>This study addresses the problem of automatic attack detection targeting Linux-based machines and web applications through the analysis of system logs, with a particular focus on reducing the computational requirements of existing solutions. The aim of the research is to develop and evaluate the effectiveness of machine learning models capable of classifying system events as benign or malicious, while also identifying the type of attack under resource-constrained conditions. The Linux-APT-Dataset-2024 was employed as the primary source of data. To mitigate the challenge of high computational complexity, model optimization techniques such as parameter quantization, knowledge distillation, and architectural simplifications were applied. Experimental results demonstrate that the proposed approaches significantly reduce computational overhead and hardware requirements while maintaining high classification accuracy. The findings highlight the potential of optimized machine learning algorithms for the development of practical early threat detection systems in Linux environments with limited resources, which is particularly relevant for deployment in IoT devices and edge computing systems.<\/jats:p>","DOI":"10.3390\/bdcc9120303","type":"journal-article","created":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T15:31:46Z","timestamp":1764689506000},"page":"303","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Optimization of Machine Learning Algorithms with Distillation and Quantization for Early Detection of Attacks in Resource-Constrained Systems"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-7069-7542","authenticated-orcid":false,"given":"Mikhail","family":"Rusanov","sequence":"first","affiliation":[{"name":"Department of Information Systems and Technologies, Institute of Information Technology, Moscow University of Finance and Law, 115191 Moscow, Russia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7066-0061","authenticated-orcid":false,"given":"Mikhail","family":"Babenko","sequence":"additional","affiliation":[{"name":"North Caucasus Center for Mathematical Research, North-Caucasus Federal University, 355017 Stavropol, Russia"},{"name":"Research Center for Trusted Artificial Intelligence, Ivannikov Institute for System Programming of the Russian Academy of Science, 109004 Moscow, Russia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8117-9142","authenticated-orcid":false,"given":"Maria","family":"Lapina","sequence":"additional","affiliation":[{"name":"North Caucasus Center for Mathematical Research, North-Caucasus Federal University, 355017 Stavropol, Russia"},{"name":"Research Center for Trusted Artificial Intelligence, Ivannikov Institute for System Programming of the Russian Academy of Science, 109004 Moscow, Russia"}]}],"member":"1968","published-online":{"date-parts":[[2025,11,28]]},"reference":[{"key":"ref_1","unstructured":"Alma, T., and Das, M.L. (2020). Web Application Attack Detection using Deep Learning. arXiv."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Gupta, N., Traore, I., and Quinan, P.M.F. (2019, January 9\u201312). Automated Event Prioritization for Security Operation Center using Deep Learning. Proceedings of the 2019 IEEE International Conference on Big Data (Big Data), Los Angeles, CA, USA.","DOI":"10.1109\/BigData47090.2019.9006073"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"2485","DOI":"10.1109\/JIOT.2021.3086398","article-title":"ShellCore: Automating Malicious IoT Software Detection by Using Shell Commands Representation","volume":"9","author":"Alasmary","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_4","unstructured":"Trizna, D. (2021, January 4\u20135). Shell Language Processing: Unix command parsing for Machine Learning. Proceedings of the Conference on Applied Machine Learning for Information Security (CAMLIS), Arlington, VA, USA."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1116","DOI":"10.30574\/wjarr.2024.24.2.3449","article-title":"Exploring lightweight machine learning models for personal internet of things (IOT) device security","volume":"24","author":"Amgbara","year":"2024","journal-title":"World J. Adv. Res. Rev."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Pandey, V.K., Sahu, D., Prakash, S., Rathore, R.S., Dixit, P., and Hunko, I. (2025). A lightweight framework to secure IoT devices with limited resources in cloud environments. Sci. Rep., 15.","DOI":"10.1038\/s41598-025-09885-0"},{"key":"ref_7","unstructured":"Thompson, N.C., Greenewald, K., Lee, K., and Manso, G.F. (2020). The Computational Limits of Deep Learning. arXiv."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Ongun, T., Stokes, J.W., Bar Or, J., Tian, K., Tajaddodianfar, F., Neil, J., Seifert, C., Oprea, A., and Platt, J.C. (2021, January 6\u20138). Living-Off-The-Land Command Detection Using Active Learning. Proceedings of the RAID\u201921: 24th International Symposium on Research in Attacks, Intrusions and Defenses, San Sebastian, Spain.","DOI":"10.1145\/3471621.3471858"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Lin, J., Guo, Y., and Chen, H. (2024, January 24\u201327). Intrusion Detection at Scale with the Assistance of a Command-line Language Model. Proceedings of the Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), Brisbane, Australia.","DOI":"10.1109\/DSN-S60304.2024.00031"},{"key":"ref_10","unstructured":"Notaro, P., Haeri, S., Cardoso, J., and Gerndt, M. (2024). Command-line Risk Classification using Transformer-based Neural Architectures. arXiv."},{"key":"ref_11","unstructured":"Brodzik, A., Malec-Kruszy\u0144ski, T., Niewolski, W., Tkaczyk, M., Bocianiak, K., and Loui, S.-Y. (2024). Ransomware Detection Using Machine Learning in the Linux Kernel. arXiv."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Zhang, S., Zhao, P., and An, Z. (2025, September 30). Digraph-Mmb: A Directed Graph-Based Multimodal Model for Multi-Stage Apt Attack Detection. Available online: https:\/\/ssrn.com\/abstract=5226068.","DOI":"10.2139\/ssrn.5226068"},{"key":"ref_13","unstructured":"Devlin, J., Chang, M.-W., Lee, K., and Toutanova, K. (2018). BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. arXiv."},{"key":"ref_14","unstructured":"Weng, Q., Shao, Y., Zhang, M., and Alomari, Z. (2025, January 26\u201329). LlamaIDS: Real-Time Detection Model of Zero-Day Intrusions Using Large Language Models. Proceedings of the 2025 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), Vancouver, BC, Canada."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"126725","DOI":"10.1016\/j.neucom.2023.126725","article-title":"PWAGAT: Potential Web attacker detection based on graph attention network","volume":"557","author":"Xu","year":"2023","journal-title":"Neurocomputing"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Tadhani, J.R., Vekariya, V., Sorathiya, V., Alshathri, S., and El-Shafai, W. (2024). Securing Web Applications Against XSS and SQLi Attacks Using a Neural Decoding and Standardization Model. Sci. Rep., 14.","DOI":"10.1038\/s41598-023-48845-4"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Guo, J., Liu, J., Wang, Z., Ma, Y., Gong, R., Xu, K., and Liu, X. (2023). Adaptive Contrastive Knowledge Distillation for BERT Compression, Association for Computational Linguistics.","DOI":"10.18653\/v1\/2023.findings-acl.569"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Wu, W., Peng, H., Zhu, H., and Zhang, D. (2024). CSMC: A Secure and Efficient Visualized Malware Classification Method Inspired by Compressed Sensing. Sensors, 24.","DOI":"10.3390\/s24134253"},{"key":"ref_19","unstructured":"Karim, S. (2025, September 30). Linux-APT-Dataset-2024 [Data Set], Version 2. Available online: https:\/\/data.mendeley.com\/datasets\/5x68fv63sh\/2."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"109688","DOI":"10.1016\/j.comnet.2023.109688","article-title":"Unraveled\u2014A semi-synthetic dataset for Advanced Persistent Threats","volume":"227","author":"Myneni","year":"2023","journal-title":"Comput. Netw."},{"key":"ref_21","unstructured":"Bahar, A.A.M., and Ferrahi, K.S. (2024). Building a Novel Graph Neural Networks-Based Model for Efficient Detection of Advanced Persistent Threats. [Master\u2019s Thesis, Institut National de Formation en Informatique]."},{"key":"ref_22","unstructured":"(2025, September 30). Hugging Face: Bert-Base-Uncased. Available online: https:\/\/huggingface.co\/google-bert\/bert-base-uncased."},{"key":"ref_23","unstructured":"(2025, September 30). Hugging Face: TinyBERT_General_4L_312D. Available online: https:\/\/huggingface.co\/huawei-noah\/TinyBERT_General_4L_312D."},{"key":"ref_24","unstructured":"(2025, September 30). Hugging Face: Mobilebert-Uncased. Available online: https:\/\/huggingface.co\/google\/mobilebert-uncased."},{"key":"ref_25","unstructured":"(2025, September 30). Hugging Face: Distilbert-Base-Uncased. Available online: https:\/\/huggingface.co\/distilbert\/distilbert-base-uncased."},{"key":"ref_26","unstructured":"(2025, September 30). IBM: What Is Knowledge Distillation?. Available online: https:\/\/www.ibm.com\/think\/topics\/knowledge-distillation."},{"key":"ref_27","unstructured":"(2025, September 30). What Is Knowledge Distillation? A Deep Dive. Available online: https:\/\/blog.roboflow.com\/what-is-knowledge-distillation\/."},{"key":"ref_28","unstructured":"(2025, September 30). From Teacher to Student: Model Distillation for Cost-Effective LLM Deployment. Available online: https:\/\/blog.marvik.ai\/2025\/01\/28\/from-teacher-to-student-model-distillation-for-cost-effective-llm-deployment\/."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"1997","DOI":"10.1007\/s10489-022-03486-4","article-title":"Teacher-student collaborative knowledge distillation for image classification","volume":"53","author":"Xu","year":"2022","journal-title":"Appl. Intell."},{"key":"ref_30","unstructured":"(2025, September 30). What Is Model Distillation?. Available online: https:\/\/builtin.com\/artificial-intelligence\/model-distillation."},{"key":"ref_31","unstructured":"(2025, September 30). Hugging Face: TinyBERT_General_6L_768D. Available online: https:\/\/huggingface.co\/huawei-noah\/TinyBERT_General_6L_768D."}],"container-title":["Big Data and Cognitive Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2504-2289\/9\/12\/303\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T16:12:20Z","timestamp":1764691940000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2504-2289\/9\/12\/303"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,28]]},"references-count":31,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["bdcc9120303"],"URL":"https:\/\/doi.org\/10.3390\/bdcc9120303","relation":{},"ISSN":["2504-2289"],"issn-type":[{"value":"2504-2289","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,28]]}}}