DocumentCode :
609914
Title :
A Contextual Anomaly Detection Approach to Discover Zero-Day Attacks
Author :
AlEroud, Ahmed ; Karabatis, George
Author_Institution :
Dept. of Inf. Syst., Univ. of Maryland, Baltimore, MD, USA
fYear :
2012
fDate :
14-16 Dec. 2012
Firstpage :
40
Lastpage :
45
Abstract :
There is considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber-attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.
Keywords :
computer network security; pattern classification; NSL-KDD intrusion detection dataset; attack context profiles; contextual anomaly detection approach; contextual misuse detection; one class nearest neighbor algorithm; zero-day attacks discovery; zero-day cyber-attacks; contextual anomaly; cyber security; misuse detection; one class nearest neighbor; zero-day attack;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Cyber Security (CyberSecurity), 2012 International Conference on
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4799-0219-4
Type :
conf
DOI :
10.1109/CyberSecurity.2012.12
Filename :
6542524