A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts

July 28-August 01

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SAINT.2008.85

2008 International Symposium on Appli ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jungsuk Song Articles by Hiroki Takakura Articles by Yongjin Kwon

	ASCII Text	x
	Jungsuk Song, Hiroki Takakura, Yongjin Kwon, "A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts," Applications and the Internet, IEEE/IPSJ International Symposium on, pp. 55-61, 2008 International Symposium on Applications and the Internet, 2008.

	BibTex	x
	@article{ 10.1109/SAINT.2008.85, author = {Jungsuk Song and Hiroki Takakura and Yongjin Kwon}, title = {A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts}, journal ={Applications and the Internet, IEEE/IPSJ International Symposium on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3297-4}, pages = {55-61}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT.2008.85}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Applications and the Internet, IEEE/IPSJ International Symposium on TI - A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts SN - 978-0-7695-3297-4 SP55 EP61 A1 - Jungsuk Song, A1 - Hiroki Takakura, A1 - Yongjin Kwon, PY - 2008 KW - null VL - 0 JA - Applications and the Internet, IEEE/IPSJ International Symposium on ER -

Jungsuk Song

Hiroki Takakura

Yongjin Kwon

Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it still suffers from detecting an unknown attack, i.e., 0-day attack, the ultimate challenge in intrusion detection field is how we can exactly identify such an attack. Unlike the existing approaches that investigate raw traffic data, we introduced a feature extraction method in order to detect such an attack from IDS alerts[11]. However, there is a problem that it can be only applied to limited IDS products. In this paper, we present a generalized version of the feature extraction method. To this end, we define new 7 features using only the basic 6 features of IDS alerts; detection time, source address and port, destination address and port, and signature name. In order to detect 0-day attack from IDS alerts with new 7 features, we apply an unsupervised learning technique, One-class SVM, to them. We evaluated our method over the log data of IDS that is deployed in Kyoto University, and our experimental results show that it has capability to detect not only a type of 0-day attack detected in our previous study, but also several different types of 0-day attack.

Citation:

Jungsuk Song, Hiroki Takakura, Yongjin Kwon, "A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts," saint, pp.55-61, 2008 International Symposium on Applications and the Internet, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.