2008
DOI: 10.1117/12.775886

Intrusion signature creation via clustering anomalies

Abstract: Current practices for combating cyber attacks typically use Intrusion Detection Systems (IDSs) to detect and block multistage attacks. Because of the speed and impacts of new types of cyber attacks, current IDSs are limited in providing accurate detection while reliably adapting to new attacks. In signature-based IDS systems, this limitation is made apparent by the latency from day zero of an attack to the creation of an appropriate signature. This work hypothesizes that this latency can be shortened by creati…
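The abstract's idea, carried through on constructed data as an added illustration (this is not the paper's code or algorithm): events an anomaly detector has already flagged are grouped by a density-based clustering, and each dense cluster is reduced to the tokens its members share, which becomes a candidate signature a signature-based IDS could load immediately. Everything below is assumed for the example: the event schema and sample events, the token representation, Jaccard distance, a minimal DBSCAN, and the support threshold used to derive a signature.

```python
"""Candidate intrusion signatures from clustered anomalies (added example,
not the paper's method). Assumptions: categorical-token representation,
Jaccard distance, a minimal DBSCAN, and constructed sample events."""
import re
from collections import Counter, defaultdict

# Constructed sample: events an upstream anomaly detector has already flagged.
# The field names are an assumed schema. Four directory-traversal requests,
# three SQL-injection logins, and one isolated request that should end up as noise.
ANOMALIES = [
    {"src": "10.0.0.5", "dport": 80, "method": "GET", "ua": "curl", "path": "/cgi-bin/../../etc/passwd", "query": ""},
    {"src": "10.0.0.6", "dport": 80, "method": "GET", "ua": "curl", "path": "/cgi-bin/../../etc/shadow", "query": ""},
    {"src": "10.0.0.7", "dport": 80, "method": "GET", "ua": "curl", "path": "/cgi-bin/../../etc/passwd", "query": ""},
    {"src": "10.0.0.8", "dport": 80, "method": "GET", "ua": "curl", "path": "/cgi-bin/../../etc/group", "query": ""},
    {"src": "198.51.100.2", "dport": 443, "method": "POST", "ua": "Mozilla", "path": "/login", "query": "user=admin' OR '1'='1"},
    {"src": "198.51.100.3", "dport": 443, "method": "POST", "ua": "Mozilla", "path": "/login", "query": "user=root' OR '1'='1"},
    {"src": "198.51.100.4", "dport": 443, "method": "POST", "ua": "Mozilla", "path": "/login", "query": "user=guest' OR 1=1 --"},
    {"src": "203.0.113.9", "dport": 8080, "method": "GET", "ua": "python-requests", "path": "/robots.txt", "query": ""},
]


def tokens(event):
    """Represent an event as a set of categorical tokens (assumed encoding)."""
    t = {f"{k}={event[k]}" for k in ("src", "dport", "method", "ua")}
    t |= {f"path:{seg}" for seg in event["path"].split("/") if seg}
    t |= {f"q:{tok}" for tok in re.findall(r"[A-Za-z0-9_]+|[^\w\s]", event["query"])}
    return t


def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; two identical token sets have distance 0."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)


def dbscan(items, dist, eps, min_samples):
    """Minimal DBSCAN. A point is core when at least min_samples points
    (itself included) lie within eps. Returns one label per item; -1 is noise."""
    n = len(items)
    neighbors = [[j for j in range(n) if dist(items[i], items[j]) <= eps] for i in range(n)]
    labels = [None] * n
    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        if len(neighbors[i]) < min_samples:
            labels[i] = -1          # noise for now; may be claimed as a border point later
            continue
        labels[i] = cluster
        queue = list(neighbors[i])
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster # border point reached from a core point
            if labels[j] is not None:
                continue
            labels[j] = cluster
            if len(neighbors[j]) >= min_samples:
                queue.extend(neighbors[j])
        cluster += 1
    return labels


def signatures(toksets, labels, min_support):
    """For each cluster keep the tokens present in at least min_support of its
    members; that token set is the candidate signature for the cluster."""
    members = defaultdict(list)
    for ts, lab in zip(toksets, labels):
        if lab >= 0:
            members[lab].append(ts)
    sigs = {}
    for lab, group in members.items():
        counts = Counter(tok for ts in group for tok in ts)
        sigs[lab] = frozenset(tok for tok, c in counts.items() if c / len(group) >= min_support)
    return sigs


def matches(signature, event):
    """A signature fires when every one of its tokens appears in the event."""
    return signature <= tokens(event)


def build(events=ANOMALIES, eps=0.5, min_samples=3, min_support=0.75):
    toksets = [tokens(e) for e in events]
    labels = dbscan(toksets, jaccard_distance, eps, min_samples)
    return labels, signatures(toksets, labels, min_support)


if __name__ == "__main__":
    labels, sigs = build()
    print("labels:", labels)
    for lab, sig in sigs.items():
        print(f"cluster {lab}:", sorted(sig))
```

The support threshold is what keeps per-source tokens such as `src=10.0.0.5` out of the signature (each member had a different source) while retaining the shared traversal segments. Note that incidental attributes shared by every member, here `ua=curl` and `method=GET`, survive as well; a signature produced this way describes the cluster, not the attack, and needs a false-positive check against benign traffic before it is deployed, which is the cost side of the latency reduction the abstract targets.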

Cited by 25 publications
(17 citation statements)
References 12 publications
(7 reference statements)
“…In general, most types of IDSs utilize logic operations, statistical techniques, and machine learning approaches to distinguish between different types of network activities [1,2,3,4,7,13,15,16,17,18]. There have been few studies which address zero-day attack detection problems; most of them utilized unsupervised anomaly detection techniques to discover these types of attacks [1,4].…”
Section: Machine Learning Techniques in Zero-day Attack Detection (citation type: mentioning, confidence 99%)
“…Clustering approaches have been used in [3,4] to discover new attack types. Hendry et al. in [3] proposed a hybrid supervised and unsupervised clustering algorithm for zero-day attack signature creation. The problem with this approach is the difficulty of creating sufficient and accurate new attack signatures in real time.…”
Section: Machine Learning Techniques in Zero-day Attack Detection (citation type: mentioning, confidence 99%)
“…Clustering can be categorized into many forms in terms of input data: hierarchical clustering for the connectivity model, K-means for the centroid method, distribution environment for the expectation maximization method, DBSCAN (Density-Based Spatial Clustering of Applications with Noise), and clique for the graph type model. Hendry and Yang [27] worked with a modified density-based method for clustering where its skills and weaknesses were discovered. The SLCT (Simple Logfile Clustering Tool) is used for the proposed approach, and it is an application used as an offline data mining tool.…”
Section: Clustering (citation type: mentioning, confidence 99%)