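% Aleroud and Karabatis, CyberSecurity 2012 (IEEE Computer Society), pp. 40--45.
% Per the abstract: contextual misuse detection (similarity to attack context
% profiles) combined with One Class Nearest Neighbor anomaly detection, aimed at
% zero-day attacks. The effectiveness claim is the authors' own and rests on
% experiments with the NSL-KDD intrusion detection dataset only.
% Cleanup: the exporter's `series` field repeated `booktitle` word for word and
% was dropped so styles do not print the proceedings title twice; author names
% are in unambiguous "Last, First" form; the citation key is unchanged.
@inproceedings{905f12dfe37044fe8bcf68ad9f390975,
  author    = {Aleroud, Ahmed and Karabatis, George},
  title     = {A contextual anomaly detection approach to discover zero-day attacks},
  booktitle = {Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012},
  publisher = {IEEE Computer Society},
  year      = {2012},
  pages     = {40--45},
  isbn      = {9780769550145},
  doi       = {10.1109/CyberSecurity.2012.12},
  language  = {English (US)},
  keywords  = {contextual anomaly, cyber security, misuse detection, one class nearest neighbor, zero-day attack},
  abstract  = {There is a considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.},
  note      = {2012 ASE International Conference on Cyber Security, CyberSecurity 2012 ; Conference date: 14-12-2012 Through 16-12-2012},
}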