Detecting Zero-Day Attacks Using Contextual Relations

Ahmed Aleroud, George Karabatis

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

2 Scopus citations

Abstract

The focus of this research is a knowledge-based intrusion detection technique that utilizes contextual relations between known attacks to identify zero-day attacks, which are exploits of unknown software vulnerabilities. The proposed technique uses information entropy and linear data transformation to generate feature-based and linear function-based attack profiles. It systematically creates contextual relationships between known attacks to generate attack profiles that capture most likely combinations of activities an attacker might exploit to initiate zero-day attacks. We utilize the similarity among the features of the incoming network connections and these profiles to discover zero-day attacks. Our experiments on benchmark intrusion detection datasets indicate that utilizing contextual relationships to generate attack profiles leads to a satisfactory detection rate of zero-day attacks from network data at different levels of granularity.
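The abstract describes the detection pipeline only at a high level. The Python sketch below is an added example written for this page, not the authors' code, and shows one concrete way the described pieces fit together: a feature-based profile per known attack in which each feature is weighted by its information entropy within that attack (near-constant features count most), a contextual relation between attack profiles used to pool related attacks into a combined profile that captures combinations of activities neither attack shows alone, and a similarity score between an incoming connection and every profile. The weighting 1/(1+H), the histogram-intersection relation, the two thresholds, the attack names and the sample flows are all assumptions of this example; the paper's linear function-based profiles are not reproduced.

```python
import math
from collections import Counter

FEATURES = ("proto", "service", "flag", "count_bin")

# Constructed sample flows (not from the paper's benchmark datasets).
# Each record is a discretised connection summary; count_bin is an assumed
# coarse binning of connections-per-window. Attack names are illustrative.
KNOWN_ATTACKS = {
    "portscan": [
        {"proto": "tcp", "service": "private", "flag": "REJ", "count_bin": "high"},
        {"proto": "tcp", "service": "private", "flag": "REJ", "count_bin": "high"},
        {"proto": "tcp", "service": "http",    "flag": "REJ", "count_bin": "high"},
        {"proto": "tcp", "service": "private", "flag": "S0",  "count_bin": "high"},
    ],
    "synflood": [
        {"proto": "tcp", "service": "http", "flag": "S0", "count_bin": "high"},
        {"proto": "tcp", "service": "http", "flag": "S0", "count_bin": "high"},
        {"proto": "tcp", "service": "smtp", "flag": "S0", "count_bin": "high"},
        {"proto": "tcp", "service": "http", "flag": "S0", "count_bin": "mid"},
    ],
    "udp_storm": [
        {"proto": "udp", "service": "private", "flag": "SF", "count_bin": "high"},
        {"proto": "udp", "service": "private", "flag": "SF", "count_bin": "high"},
        {"proto": "udp", "service": "private", "flag": "SF", "count_bin": "high"},
    ],
}

# Incoming connections to score (constructed): a known record, an unseen
# mix of portscan and synflood traits, two benign flows, a near-portscan.
TEST_FLOWS = [
    {"proto": "tcp", "service": "private", "flag": "REJ", "count_bin": "high"},
    {"proto": "tcp", "service": "http",    "flag": "REJ", "count_bin": "mid"},
    {"proto": "tcp", "service": "http",    "flag": "SF",  "count_bin": "low"},
    {"proto": "udp", "service": "dns",     "flag": "SF",  "count_bin": "low"},
    {"proto": "tcp", "service": "smtp",    "flag": "REJ", "count_bin": "high"},
]


def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def build_profile(records):
    """Feature-based profile: per feature, the value distribution seen in the
    attack and a weight that is high when the feature is nearly constant
    (low entropy) for that attack. weight = 1/(1+H) is an assumed choice."""
    profile = {}
    for f in FEATURES:
        values = [r[f] for r in records]
        dist = {v: c / len(values) for v, c in Counter(values).items()}
        profile[f] = {"dist": dist, "weight": 1.0 / (1.0 + entropy(values))}
    return profile


def similarity(flow, profile):
    """Weight-normalised probability (0..1) that each of the flow's feature
    values occurs in the profile; unseen values contribute 0."""
    num = sum(p["weight"] * p["dist"].get(flow[f], 0.0) for f, p in profile.items())
    den = sum(p["weight"] for p in profile.values())
    return num / den


def relation(pa, pb):
    """Contextual relation between two attack profiles: weighted histogram
    intersection of their per-feature distributions (assumed measure)."""
    num = den = 0.0
    for f in FEATURES:
        w = min(pa[f]["weight"], pb[f]["weight"])
        keys = set(pa[f]["dist"]) | set(pb[f]["dist"])
        overlap = sum(min(pa[f]["dist"].get(k, 0.0), pb[f]["dist"].get(k, 0.0)) for k in keys)
        num += w * overlap
        den += w
    return num / den


def build_all_profiles(known, relation_threshold=0.5):
    """Individual profiles plus one pooled profile for every pair of attacks
    whose contextual relation reaches the threshold."""
    profiles = {name: build_profile(recs) for name, recs in known.items()}
    names = sorted(known)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if relation(profiles[a], profiles[b]) >= relation_threshold:
                profiles[a + "+" + b] = build_profile(known[a] + known[b])
    return profiles


def classify(flow, known, profiles, threshold=0.55):
    """Exact match -> known attack; otherwise the best-scoring profile at or
    above the threshold is reported as a suspected zero-day variant."""
    for name, recs in known.items():
        if flow in recs:
            return ("known", name, 1.0)
    best = max(profiles, key=lambda n: similarity(flow, profiles[n]))
    score = similarity(flow, profiles[best])
    if score >= threshold:
        return ("zero-day", best, round(score, 3))
    return ("normal", None, round(score, 3))


if __name__ == "__main__":
    profiles = build_all_profiles(KNOWN_ATTACKS)
    print("profiles:", sorted(profiles))
    for flow in TEST_FLOWS:
        print(classify(flow, KNOWN_ATTACKS, profiles), flow)
```

On these constructed flows, only portscan and synflood are related closely enough (both TCP, both high connection counts, overlapping S0/http values) to be pooled into a combined profile. The second test flow mixes a portscan-like REJ flag with a synflood-like service and count; it scores exactly 0.5 against each individual profile, below the threshold, but 0.575 against the pooled profile, which is the effect the contextual relation is meant to buy. The benign flows stay below the threshold, and the last flow is reported as a variant of its closest single profile.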

Original language: English (US)
Title of host publication: Knowledge Management in Organizations - 9th International Conference, KMO 2014, Proceedings
Publisher: Springer Verlag
Pages: 373-385
Number of pages: 13
ISBN (Print): 9783319086170
State: Published - 2014
Externally published: Yes
Event: 9th International Conference on Knowledge Management in Organizations, KMO 2014 - Santiago, Chile
Duration: Sep 2 2014 to Sep 5 2014

Publication series

Name: Lecture Notes in Business Information Processing
Volume: 185 LNBIP
ISSN (Print): 1865-1348

Conference

Conference: 9th International Conference on Knowledge Management in Organizations, KMO 2014
Country/Territory: Chile
City: Santiago
Period: 9/2/14 to 9/5/14

Keywords

  • Contextual relations
  • Entropy
  • Intrusion detection
  • IP flows
  • Zero-day attacks

ASJC Scopus subject areas

  • Management Information Systems
  • Control and Systems Engineering
  • Business and International Management
  • Information Systems
  • Modeling and Simulation
  • Information Systems and Management
