A Hybrid Real-time Zero-day Attack Detection and Analysis System

Authors: Ratinder Kaur, Maninder Singh

DOI: 10.5815/IJCNIS.2015.09.03

Keywords:

Abstract: A zero-day attack poses a serious threat to Internet security, as it exploits unknown vulnerabilities in computer systems. Attackers take advantage of their unknown nature and use them in conjunction with highly sophisticated targeted attacks to achieve stealthiness with respect to standard intrusion detection techniques. Thus, it is difficult to defend against such attacks. Present research exhibits various issues and is not able to provide a complete solution for zero-day attack detection and analysis. This paper presents a novel hybrid system that integrates anomaly-based, behavior-based and signature-based techniques for detecting and analyzing zero-day attacks in real time. It has a layered and modular design, which helps to achieve high performance, flexibility and scalability. The implemented system is evaluated with metrics such as True Positive Rate (TPR), False Positive Rate (FPR), F-Measure, Total Accuracy (ACC) and the Receiver Operating Characteristic (ROC) curve. The result shows a high detection rate with nearly zero false positives. Additionally, the proposed system is compared with the Honeynet system.
