The focus of this research is a knowledge-based intrusion detection technique that utilizes contextual relations between known attacks to identify zero-day attacks, which are exploits of unknown software vulnerabilities. The proposed technique uses information entropy and linear data transformation to generate feature-based and linear function-based attack profiles. It systematically creates contextual relationships between known attacks to generate attack profiles that capture the most likely combinations of activities an attacker might exploit to initiate zero-day attacks. We utilize the similarity among the features of the incoming network connections and these profiles to discover zero-day attacks. Our experiments on benchmark intrusion detection datasets indicate that utilizing contextual relationships to generate attack profiles leads to a satisfactory detection rate of zero-day attacks from network data at different levels of granularity. © Springer International Publishing Switzerland 2014.
Aleroud, A., & Karabatis, G. (2014). Detecting Zero-Day Attacks Using Contextual Relations. In Lecture Notes in Business Information Processing (Vol. 185 LNBIP, pp. 373–385). Springer Verlag. https://doi.org/10.1007/978-3-319-08618-7_36