Towards modeling and detection of polymorphic network attacks using grammar based learning with support vector machines

  • Authors:
  • Scott C. Evans;Weizhong Yan;Bernhard J. Scholz;Bruce Barnett;T. Stephen Markham;Jeremy Impson;Eric Steinbrecher

  • Affiliations:
  • General Electric Global Research, Niskayuna, NY;General Electric Global Research, Niskayuna, NY;General Electric Global Research, Niskayuna, NY;General Electric Global Research, Niskayuna, NY;General Electric Global Research, Niskayuna, NY;Lockheed Martin, Owego, NY;Lockheed Martin, Owego, NY

  • Venue:
  • MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
  • Year:
  • 2009

Abstract

Polymorphic attacks threaten to make many intrusion detection schemes ineffective [15]. In order to address the threat of advanced attacks, model-based techniques are required. In this paper we improve our Grammar Based Modeling techniques [1]-[5] to be more resilient to attacks that change in form by using advanced classification techniques. Similarity distances from known models are input as features to Support Vector Machines and other advanced classification techniques to provide improved classification performance. Results indicate promise for intrusion detection and response against polymorphic attacks with minimal false alarms.