
Detecting Zero-Day Attacks Using Contextual Relations

Conference paper, published in: Knowledge Management in Organizations (KMO 2014)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 185)


Abstract

The focus of this research is a knowledge-based intrusion detection technique that uses contextual relations between known attacks to identify zero-day attacks, i.e. exploits of software vulnerabilities that are not yet publicly known. The proposed technique uses information entropy and linear data transformation to generate feature-based and linear-function-based attack profiles. It systematically creates contextual relationships between known attacks in order to generate attack profiles that capture the most likely combinations of activities an attacker might exploit to initiate zero-day attacks. We then use the similarity between the features of incoming network connections and these profiles to discover zero-day attacks. Our experiments on benchmark intrusion detection datasets indicate that using contextual relationships to generate attack profiles leads to a satisfactory detection rate for zero-day attacks in network data at different levels of granularity.



Author information

Corresponding author: Ahmed Aleroud.


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Aleroud, A., Karabatis, G. (2014). Detecting Zero-Day Attacks Using Contextual Relations. In: Uden, L., Fuenzaliza Oshee, D., Ting, IH., Liberona, D. (eds) Knowledge Management in Organizations. KMO 2014. Lecture Notes in Business Information Processing, vol 185. Springer, Cham. https://doi.org/10.1007/978-3-319-08618-7_36


  • DOI: https://doi.org/10.1007/978-3-319-08618-7_36


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08617-0

  • Online ISBN: 978-3-319-08618-7

  • eBook Packages: Computer Science (R0)
