Article

Unknown Attacks Detection Using Feature Extraction from Anomaly-Based IDS Alerts

Authors:

Masaaki Sato,

Hirofumi Yamaki,

Hiroki TakakuraAuthors Info & Claims

SAINT '12: Proceedings of the 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet

Pages 273 - 277

https://doi.org/10.1109/SAINT.2012.51

Published: 16 July 2012 Publication History

Abstract

Intrusion Detection Systems (IDSs) play an important role detecting various kinds of attacks and defend our computer systems from them. There are basically two main types of detection techniques: signature-based and anomaly-based. A signature-based IDS cannot detect unknown attacks because a signature has not been written. To overcome this shortcoming, many researchers have been developing anomaly-based IDSs. Although they can detect unknown attacks, there is a problem that they just classify network traffic into normal or abnormal. Therefore, IDS operators have to manually inspect IDS alerts to classify them into known attacks or unknown attacks. Because there are a lot of alerts related to known attacks, it is difficult to extract only unknown attacks from them. In this paper, we present a method that automatically detects unknown attacks from an anomaly-based IDS alerts. We evaluate our method using Kyoto2006+ dataset.

Cited By

View all

Saheed YMisra S(2024)A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of ThingsInternational Journal of Information Security10.1007/s10207-023-00803-x23:3(1557-1581)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1007/s10207-023-00803-x

Unknown Attacks Detection Using Feature Extraction from Anomaly-Based IDS Alerts
1. Networks
  1. Network services
2. Security and privacy
  1. Systems security

Recommendations

An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks

In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both anomaly and misuse detection approaches. This hybrid Intrusion Detection System architecture consists of an anomaly detection module, a misuse detection ...
Heterogeneous Fusion of IDS Alerts for Detecting DOS Attacks
ICCUBEA '15: Proceedings of the 2015 International Conference on Computing Communication Control and Automation

Denial of Service (DOS) attacks is a situation in attacker tries to prevent the user of a particular service from using that service. Intrusion detection system is more efficient compared to firewalls in detecting DOS attack generated due to internal ...
A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts
SAINT '08: Proceedings of the 2008 International Symposium on Applications and the Internet

Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it still suffers from detecting an unknown attack, i.e., 0-day attack, the ultimate challenge in intrusion detection ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SAINT '12: Proceedings of the 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet

July 2012

429 pages

ISBN:9780769547374

Publisher

IEEE Computer Society

United States

Publication History

Published: 16 July 2012

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Saheed YMisra S(2024)A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of ThingsInternational Journal of Information Security10.1007/s10207-023-00803-x23:3(1557-1581)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1007/s10207-023-00803-x

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks

Heterogeneous Fusion of IDS Alerts for Detecting DOS Attacks

A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations