Abstract
Intrusion Detection Systems (IDSs) have been developed for many years, but in general they fall short in efficiently detecting zero-day attacks. A promising approach to this problem is to apply linear data transformation and anomaly detection techniques on top of known attack signatures that convey contextual properties. The linear data transformation technique relies on several discriminant functions, which are used to calculate the estimated probability of zero-day attacks by analyzing network connection features. The anomaly detection technique identifies zero-day attacks using the One Class Nearest Neighbor (1-class NN) algorithm, which has been applied using the Singular Value Decomposition (SVD) technique to achieve dimensionality reduction. An experimental prototype has been implemented to evaluate these techniques using data from the NSL-KDD intrusion detection dataset. The results indicate that linear data transformation techniques are quite effective and efficient in detecting zero-day attacks.
Original language | English (US) |
---|---|
Pages | 159-168 |
Number of pages | 10 |
State | Published - 2013 |
Externally published | Yes |
Event | 7th International Conference on Software Security and Reliability, SERE 2013 - Gaithersburg, MD, United States; Duration: Jun 18 2013 → Jun 20 2013 |
Conference
Conference | 7th International Conference on Software Security and Reliability, SERE 2013 |
---|---|
Country/Territory | United States |
City | Gaithersburg, MD |
Period | 6/18/13 → 6/20/13 |
Keywords
- contextual information
- Intrusion detection
- misuse detection
- one class nearest neighbor
- zero-day attack
ASJC Scopus subject areas
- Software
- Safety, Risk, Reliability and Quality