• DocumentCode
    609914
  • Title
    A Contextual Anomaly Detection Approach to Discover Zero-Day Attacks
  • Author
    AlEroud, Ahmed; Karabatis, George

  • Author_Institution
    Dept. of Inf. Syst., Univ. of Maryland, Baltimore, MD, USA
  • fYear
    2012
  • fDate
    14-16 Dec. 2012
  • Firstpage
    40
  • Lastpage
    45
  • Abstract
    There is considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber-attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.
  • Keywords
    computer network security; pattern classification; NSL-KDD intrusion detection dataset; attack context profiles; contextual anomaly detection approach; contextual misuse detection; one class nearest neighbor algorithm; zero-day attacks discovery; zero-day cyber-attacks; contextual anomaly; cyber security; misuse detection; one class nearest neighbor; zero-day attack
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Cyber Security (CyberSecurity), 2012 International Conference on
  • Conference_Location
    Washington, DC
  • Print_ISBN
    978-1-4799-0219-4
  • Type
    conf
  • DOI
    10.1109/CyberSecurity.2012.12
  • Filename
    6542524