A contextual anomaly detection approach to discover zero-day attacks

Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

23 Scopus citations

Abstract

There is considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber-attacks. The contextual misuse detection utilizes similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.

Original language: English (US)
Title of host publication: Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Publisher: IEEE Computer Society
Pages: 40-45
Number of pages: 6
ISBN (Print): 9780769550145
DOIs: (not listed on this page)
State: Published - 2012
Externally published: Yes
Event: 2012 ASE International Conference on Cyber Security, CyberSecurity 2012 - Washington, D.C., United States
Duration: Dec 14 2012 to Dec 16 2012

Publication series

Name: Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012

Conference

Conference: 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Country: United States
City: Washington, D.C.
Period: 12/14/12 to 12/16/12

Keywords

  • contextual anomaly
  • cyber security
  • misuse detection
  • one class nearest neighbor
  • zero-day attack

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

