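@inproceedings{40708afdceeb4aeba3b8c0bcfaa596cf,
  author        = {Aleroud, Ahmed and Karabatis, George},
  title         = {Detecting Zero-Day Attacks Using Contextual Relations},
  booktitle     = {Knowledge Management in Organizations - 9th International Conference, {KMO} 2014, Proceedings},
  series        = {Lecture Notes in Business Information Processing},
  publisher     = {Springer Verlag},
  year          = {2014},
  pages         = {373--385},
  doi           = {10.1007/978-3-319-08618-7_36},
  isbn          = {9783319086170},
  language      = {English (US)},
  keywords      = {Contextual relations, Entropy, {IP} flows, Intrusion detection, Zero-day attacks},
  abstract      = {The focus of this research is a knowledge-based intrusion detection technique that utilizes contextual relations between known attacks to identify zero-day attacks, which are exploits of unknown software vulnerabilities. The proposed technique uses information entropy and linear data transformation to generate feature-based and linear function-based attack profiles. It systematically creates contextual relationships between known attacks to generate attack profiles that capture most likely combinations of activities an attacker might exploit to initiate zero-day attacks. We utilize the similarity among the features of the incoming network connections and these profiles to discover zero-day attacks. Our experiments on benchmark intrusion detection datasets indicate that utilizing contextual relationships to generate attack profiles leads to a satisfactory detection rate of zero-day attacks from network data at different levels of granularity.},
  note          = {9th International Conference on Knowledge Management in Organizations, KMO 2014 ; Conference date: 02-09-2014 Through 05-09-2014},
  internal-note = {Review: names moved to unambiguous "Last, First" form and values brace-delimited; acronyms KMO/IP brace-protected against style recasing. Volume number within the LNBIP series and editor list are not given in the original record and were not invented -- fill in from the publisher page before citing.},
}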