A contextual anomaly detection approach to discover zero-day attacks

Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

24 Scopus citations

Abstract

There is considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and taking context into account is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber-attacks. The contextual misuse detection uses similarity with attack context profiles, and the anomaly detection technique identifies new types of attacks using the One Class Nearest Neighbor (1-NN) algorithm. Experimental results on the NSL-KDD intrusion detection dataset have shown that the proposed approach is quite effective in detecting zero-day attacks.

Original language: English (US)
Title of host publication: Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Publisher: IEEE Computer Society
Pages: 40-45
Number of pages: 6
ISBN (Print): 9780769550145
DOIs
State: Published - 2012
Externally published: Yes
Event: 2012 ASE International Conference on Cyber Security, CyberSecurity 2012 - Washington, D.C., United States
Duration: Dec 14 2012 - Dec 16 2012

Publication series

Name: Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012

Conference

Conference: 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Country/Territory: United States
City: Washington, D.C.
Period: 12/14/12 - 12/16/12

Keywords

  • contextual anomaly
  • cyber security
  • misuse detection
  • one class nearest neighbor
  • zero-day attack

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
