Detecting Zero-Day Attacks Using Contextual Relations

Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

2 Scopus citations


The focus of this research is a knowledge-based intrusion detection technique that utilizes contextual relations between known attacks to identify zero-day attacks, which are exploits of unknown software vulnerabilities. The proposed technique uses information entropy and linear data transformation to generate feature-based and linear function-based attack profiles. It systematically creates contextual relationships between known attacks to generate attack profiles that capture most likely combinations of activities an attacker might exploit to initiate zero-day attacks. We utilize the similarity among the features of the incoming network connections and these profiles to discover zero-day attacks. Our experiments on benchmark intrusion detection datasets indicate that utilizing contextual relationships to generate attack profiles leads to a satisfactory detection rate of zero-day attacks from network data at different levels of granularity.

Original language: English (US)
Title of host publication: Knowledge Management in Organizations - 9th International Conference, KMO 2014, Proceedings
Publisher: Springer Verlag
Number of pages: 13
ISBN (Print): 9783319086170
State: Published - 2014
Externally published: Yes
Event: 9th International Conference on Knowledge Management in Organizations, KMO 2014 - Santiago, Chile
Duration: Sep 2 2014 to Sep 5 2014

Publication series

Name: Lecture Notes in Business Information Processing
Volume: 185 LNBIP
ISSN (Print): 1865-1348


Conference: 9th International Conference on Knowledge Management in Organizations, KMO 2014


Keywords

  • Contextual relations
  • Entropy
  • IP flows
  • Intrusion detection
  • Zero-day attacks

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Management Information Systems
  • Business and International Management
  • Information Systems
  • Modeling and Simulation
  • Information Systems and Management

