0day anomaly detection made possible thanks to machine learning

Authors:
Philippe Owezarski;Johan Mazel;Yann Labit
Affiliations:
CNRS/ LAAS, Toulouse, France;CNRS/ LAAS, Toulouse, France;CNRS/ LAAS, Toulouse, France
Venue:
WWIC'10 Proceedings of the 8th international conference on Wired/Wireless Internet Communications
Year:
2010

Citing 10
Cited 0

A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Sketch-based change detection: methods, evaluation, and applications

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Aberrant Behavior Detection in Time Series for Network Monitoring

LISA '00 Proceedings of the 14th USENIX conference on System administration
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Time series modeling for IDS alert management

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Detection and identification of network anomalies using sketch subspaces

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies

IEEE Transactions on Dependable and Secure Computing
Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures

Proceedings of the 2007 workshop on Large scale attack defense
An anomaly intrusion detection method using the CSI-KNN algorithm

Proceedings of the 2008 ACM symposium on Applied computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes new cognitive algorithms and mechanisms for detecting 0day attacks targeting the Internet and its communication performances and behavior. For this purpose, this work relies on the use of machine learning techniques able to issue autonomously traffic models and new attack signatures when new attacks are detected, characterized and classified as such. The ultimate goal deals with being able to instantaneously deploy new defense strategies when a new 0day attack is encountered, thanks to an autonomous cognitive system. The algorithms and mechanisms are validated through extensive experiments taking advantage of real traffic traces captured on the Renater network as well as on a WIDE transpacific link between Japan and the USA.