A comprehensive approach to detect unknown attacks via intrusion detection alerts

Abstract

Intrusion detection systems (IDS) have played an important role as devices that defend our networks against cyber attacks. However, since they still struggle to detect unknown attacks, i.e., 0-day attacks, the ultimate challenge in the intrusion detection field is how to identify such attacks precisely. This paper presents a novel approach that differs substantially from traditional detection models based on raw traffic data. The proposed method extracts unknown activities from IDS alerts by applying data mining techniques. We evaluated our method on the log data of an IDS deployed at Kyoto University, and our experimental results show that it can extract unknown (or under-development) attacks from IDS alerts by assigning each alert a score that reflects how anomalous it is and by visualizing the scored alerts. © Springer-Verlag Berlin Heidelberg 2007.

Citation (APA)

Song, J., Ohba, H., Takakura, H., Okabe, Y., Ohira, K., & Kwon, Y. (2007). A comprehensive approach to detect unknown attacks via intrusion detection alerts. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4846 LNCS, pp. 247–253). Springer Verlag. https://doi.org/10.1007/978-3-540-76929-3_23
