An automatic application signature construction system for unknown traffic

Wang, Yu; Xiang, Yang; Shu, Yu

doi:10.1002/cpe.1603

Cited by 41 publications

(15 citation statements)

References 15 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…В работе [25] авторы предложили интегрировать кластеризацию, основанную на статистических характеристиках потока, с методом сравнения сигнатуры полезной информации, что исключает необходимость использования обучающих наборов данных. А в работе [26] авторы предложили комбинировать кластеризацию, основанную на статистических характеристиках потока, и кластеризацию, основанную на статистических характеристиках полезной информации для обнаружения неизвестного трафика.…”

Section: идентификация сетевых трафиков на основе методов машиннunclassified

О Методах Идентификации Сетевых Трафиков

Shikhaliyev¹

2017

İnformasiya Təhlükəsizliyinin Aktual Problemləri III Respublika Elmi-Praktiki Seminarının Materialları

View full text Add to dashboard Cite

Аннотация -Точная идентификация сетевых трафиков является очень важным элементом управления и обеспечения безопасности сетей. В литературе имеются множество методов для идентификации сетевых трафиков и в зависимости от типов используемых для идентификации информации точность и полнота этих методов различаются. В статье проводится анализ как традиционных методов идентификации сетевых трафиков, так и методов основанных на машинном обучению.Ключевые слова -сетевые трафики, идентификации сетевых трафиков, классификация сетевых трафиков, методы машинного обучения

show abstract

Section: идентификация сетевых трафиков на основе методов машиннunclassified

О Методах Идентификации Сетевых Трафиков

Shikhaliyev¹

2017

İnformasiya Təhlükəsizliyinin Aktual Problemləri III Respublika Elmi-Praktiki Seminarının Materialları

View full text Add to dashboard Cite

show abstract

“…One of the biggest drawbacks for signature-based IDS is that they cannot detect zero-day worms (i.e., the worm's signature does not exist in the database). Meanwhile, some NIDS exist that check the content of network traffic; these include AutoGraph (Kim and Karp, 2004), EarlyBird (Sen et al, 2004), Anagram (Wang et al, 2010) and the LESG (Li et al, 2006) polymorphic worm (its signature can be changed each time it is sent to a vulnerable host).…”

Section: Signature Automation Approachmentioning

confidence: 99%

Behaviour Based Worm Detection and Signature Automation

Anbar¹

2011

Journal of Computer Science

View full text Add to dashboard Cite

Problem statement:A worm is a malicious piece of code that self-propagates, often via network connections, to exploit security flaws in computers connected through the network. In general, worms do not need any human intervention to propagate and are considered a real threat to network assets and the properties of organizations. An Intrusion Detection Systems (IDSs) are employed to detect the presence of the worms in the network. Approach: This study proposed a new behaviourbased worm detection and signature automation approach that consists of scanning characteristics to find vulnerable hosts and indicate the correlation between an infected host and potential destination hosts. Results: This approach can be distinguish between network scanning (random and sequential TCP and UDP worm scanning) triggered by infected and non-infected hosts. In addition, the ability to detect the worms based on its behaviours. Conclusion: Identifying network worms at an early stage can increase the protection of network services and vulnerable hosts.

show abstract

“…The key idea is to integrate statistics-based flow clustering with payload-based signature matching method, so as to eliminate the requirement of pre-labeled training data sets. The paper evaluates the efficiency of their approach using real-world traffic trace, and the results indicate that signature classifiers built from clustered data and pre-labeled data are able to achieve a similar high accuracy better than 99% [5].…”

Section: Papers Presented In This Special Sectionmentioning

confidence: 99%