A contextual anomaly detection approach to discover zero-day attacks

Ahmed Aleroud; George Karabatis

doi:10.1109/CyberSecurity.2012.12

A contextual anomaly detection approach to discover zero-day attacks

Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

36 Scopus citations

Abstract

There is a considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.

Original language	English (US)
Title of host publication	Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Publisher	IEEE Computer Society
Pages	40-45
Number of pages	6
ISBN (Print)	9780769550145
DOIs	https://doi.org/10.1109/CyberSecurity.2012.12
State	Published - 2012
Externally published	Yes
Event	2012 ASE International Conference on Cyber Security, CyberSecurity 2012 - Washington, D.C., United States Duration: Dec 14 2012 → Dec 16 2012

Publication series

Name	Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012

Conference

Conference	2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Country/Territory	United States
City	Washington, D.C.
Period	12/14/12 → 12/16/12

Keywords

contextual anomaly
cyber security
misuse detection
one class nearest neighbor
zero-day attack

ASJC Scopus subject areas

Computer Networks and Communications
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CyberSecurity.2012.12

Cite this

Aleroud, A., & Karabatis, G. (2012). A contextual anomaly detection approach to discover zero-day attacks. In Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012 (pp. 40-45). Article 6542524 (Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012). IEEE Computer Society. https://doi.org/10.1109/CyberSecurity.2012.12

A contextual anomaly detection approach to discover zero-day attacks. / Aleroud, Ahmed; Karabatis, George.
Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012. IEEE Computer Society, 2012. p. 40-45 6542524 (Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Aleroud, A & Karabatis, G 2012, A contextual anomaly detection approach to discover zero-day attacks. in Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012., 6542524, Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012, IEEE Computer Society, pp. 40-45, 2012 ASE International Conference on Cyber Security, CyberSecurity 2012, Washington, D.C., United States, 12/14/12. https://doi.org/10.1109/CyberSecurity.2012.12

@inproceedings{905f12dfe37044fe8bcf68ad9f390975,

title = "A contextual anomaly detection approach to discover zero-day attacks",

abstract = "There is a considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.",

keywords = "contextual anomaly, cyber security, misuse detection, one class nearest neighbor, zero-day attack",

author = "Ahmed Aleroud and George Karabatis",

year = "2012",

doi = "10.1109/CyberSecurity.2012.12",

language = "English (US)",

isbn = "9780769550145",

series = "Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012",

publisher = "IEEE Computer Society",

pages = "40--45",

booktitle = "Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012",

note = "2012 ASE International Conference on Cyber Security, CyberSecurity 2012 ; Conference date: 14-12-2012 Through 16-12-2012",

}

TY - GEN

T1 - A contextual anomaly detection approach to discover zero-day attacks

AU - Aleroud, Ahmed

AU - Karabatis, George

PY - 2012

Y1 - 2012

N2 - There is a considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.

AB - There is a considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.

KW - contextual anomaly

KW - cyber security

KW - misuse detection

KW - one class nearest neighbor

KW - zero-day attack

UR - http://www.scopus.com/inward/record.url?scp=84881042308&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84881042308&partnerID=8YFLogxK

U2 - 10.1109/CyberSecurity.2012.12

DO - 10.1109/CyberSecurity.2012.12

M3 - Conference contribution

AN - SCOPUS:84881042308

SN - 9780769550145

T3 - Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012

SP - 40

EP - 45

BT - Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012

PB - IEEE Computer Society

T2 - 2012 ASE International Conference on Cyber Security, CyberSecurity 2012

Y2 - 14 December 2012 through 16 December 2012

ER -

A contextual anomaly detection approach to discover zero-day attacks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this