
Combining Supervised and Unsupervised Learning for Automatic Attack Signature Generation System

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8630)

Abstract

Signature-based intrusion detection systems are currently widely used, but they depend on a high-quality and complete attack signature database. Although a great number of automatic attack feature extraction systems have been proposed, automatic attack signature generation remains an open research problem as attack technology progresses. This paper presents a novel automatic attack signature generation system that combines supervised and unsupervised learning, based on statistical features of the transport layer and the network layer; the system outputs the signature sets in a feedback manner. Finally, we demonstrate the effectiveness of the model using network data from the laboratory and the DARPA 2000 datasets.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Yang, L., Wang, J., Zhong, P. (2014). Combining Supervised and Unsupervised Learning for Automatic Attack Signature Generation System. In: Sun, Xh., et al. Algorithms and Architectures for Parallel Processing. ICA3PP 2014. Lecture Notes in Computer Science, vol 8630. Springer, Cham. https://doi.org/10.1007/978-3-319-11197-1_47


  • DOI: https://doi.org/10.1007/978-3-319-11197-1_47

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11196-4

  • Online ISBN: 978-3-319-11197-1

  • eBook Packages: Computer Science, Computer Science (R0)
