0day Anomaly Detection Made Possible Thanks to Machine Learning

Conference paper
Wired/Wireless Internet Communications (WWIC 2010)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 6074)

Abstract

This paper proposes new cognitive algorithms and mechanisms for detecting 0day attacks targeting the Internet and its communication performance and behavior. For this purpose, the work relies on machine learning techniques that autonomously produce traffic models and new attack signatures whenever a new attack is detected, characterized and classified as such. The ultimate goal is to deploy new defense strategies immediately when a new 0day attack is encountered, by means of an autonomous cognitive system. The algorithms and mechanisms are validated through extensive experiments on real traffic traces captured on the Renater network and on a WIDE transpacific link between Japan and the USA.
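The abstract describes a loop of three steps: detect an anomaly in unlabeled traffic, characterize it, and turn the characterization into a signature that can be deployed against the next traffic bin. The following Python sketch is an added illustration of that loop and is not the paper's own algorithm or code (the page carries only the abstract, not the detector). Everything in it is an assumption made for the example: the per-source flow aggregates and host addresses are constructed, the five features are an arbitrary choice, and the detector is a median/MAD modified z-score with the usual 3.5 cutoff (Iglewicz and Hoaglin) rather than whatever the paper uses. The signature derived from the flagged host is a conjunction of threshold clauses on exactly the features that made it an outlier, which is what lets it match a similar host in the next bin while a merely busy server falls through.

```python
"""Unsupervised traffic-anomaly detection with automatic signature extraction.

Added illustration only: the paper's own detector, feature set and the
Renater/MAWI traces are not reproduced here.  Flow aggregates, feature names,
host addresses and the 3.5 modified-z-score cutoff (Iglewicz & Hoaglin) are
constructed assumptions chosen for the example.
"""
from statistics import median

# Per-source aggregates for one time bin (constructed sample input).
FEATURES = ("pkts", "bytes_per_pkt", "distinct_dst_ips", "distinct_dst_ports", "syn_ratio")


def _row(src, pkts, bpp, ips, ports, syn):
    return {"src": src, "pkts": pkts, "bytes_per_pkt": bpp,
            "distinct_dst_ips": ips, "distinct_dst_ports": ports, "syn_ratio": syn}


TRAIN_BIN = [  # ten ordinary hosts plus one vertical port scanner (10.0.0.9)
    _row("10.0.0.1", 120, 800, 3, 2, 0.10), _row("10.0.0.2", 95, 760, 2, 1, 0.08),
    _row("10.0.0.3", 140, 820, 4, 3, 0.12), _row("10.0.0.4", 110, 790, 3, 2, 0.09),
    _row("10.0.0.5", 130, 810, 5, 3, 0.11), _row("10.0.0.6", 100, 770, 2, 1, 0.07),
    _row("10.0.0.7", 125, 805, 4, 2, 0.10), _row("10.0.0.8", 105, 785, 3, 2, 0.09),
    _row("10.0.0.9", 1000, 60, 1, 950, 0.98),
    _row("10.0.0.10", 135, 815, 4, 3, 0.12), _row("10.0.0.11", 115, 775, 3, 2, 0.08),
]
NEXT_BIN = [  # a later bin: one ordinary host, one busy server, one new scanner
    _row("10.0.0.12", 130, 790, 3, 2, 0.10),
    _row("10.0.0.50", 400, 900, 2, 2, 0.10),
    _row("10.0.0.77", 600, 64, 1, 500, 0.95),
]

K = 0.6745  # scales MAD to a stdev for normal data (modified z-score constant)


def fit_stats(rows, features):
    """Median and MAD per feature; both resist the outliers we are hunting."""
    stats = {}
    for f in features:
        vals = [r[f] for r in rows]
        med = median(vals)
        mad = median(abs(v - med) for v in vals)
        # A constant column has MAD 0; the guard makes any deviation from it an outlier.
        stats[f] = (med, mad if mad > 0 else 1e-9)
    return stats


def zscores(row, stats):
    return {f: K * (row[f] - med) / mad for f, (med, mad) in stats.items()}


def detect(rows, features=FEATURES, tau=3.5):
    """Flag rows whose worst modified z-score exceeds tau.  No labels are used."""
    stats = fit_stats(rows, features)
    flagged = []
    for r in rows:
        z = zscores(r, stats)
        if max(abs(v) for v in z.values()) > tau:
            flagged.append((r, z))
    return flagged, stats


def derive_signature(z, stats, tau=3.5):
    """Turn a flagged row into a threshold rule: one clause per feature that
    exceeded tau, placed at the decision boundary med +/- tau*MAD/K."""
    sig = []
    for f, val in z.items():
        if abs(val) > tau:
            med, mad = stats[f]
            bound = tau * mad / K
            sig.append((f, ">", med + bound) if val > 0 else (f, "<", med - bound))
    return sig


def matches(signature, row):
    """All clauses must hold: a conjunction keeps a merely busy host from matching."""
    return all((row[f] > t) if op == ">" else (row[f] < t) for f, op, t in signature)


def run_pipeline(train_rows, new_rows):
    """Detect in one bin, characterise, then apply the signature to the next bin."""
    flagged, stats = detect(train_rows)
    signatures = {r["src"]: derive_signature(z, stats) for r, z in flagged}
    hits = [(r["src"], src) for r in new_rows
            for src, sig in signatures.items() if matches(sig, r)]
    return {"anomalies": list(signatures), "signatures": signatures, "matches": hits}


if __name__ == "__main__":
    out = run_pipeline(TRAIN_BIN, NEXT_BIN)
    for src, sig in out["signatures"].items():
        print(src, " AND ".join(f"{f} {op} {t:.2f}" for f, op, t in sig))
    print("matches in next bin:", out["matches"])
```

Run as a script it prints the derived rule for 10.0.0.9 (packet count, bytes per packet, distinct destination ports and SYN ratio, with distinct destination IPs left out because it was not an outlier) and reports 10.0.0.77 as the only match in the next bin. Two caveats a practitioner would add before deploying such a rule: the median/MAD statistics must be re-fitted per bin or per link, since the thresholds are relative to the traffic the detector saw, and a single flagged row yields a rule only as specific as the features that were measured.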


Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Owezarski, P., Mazel, J., Labit, Y. (2010). 0day Anomaly Detection Made Possible Thanks to Machine Learning. In: Osipov, E., Kassler, A., Bohnert, T.M., Masip-Bruin, X. (eds) Wired/Wireless Internet Communications. WWIC 2010. Lecture Notes in Computer Science, vol 6074. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13315-2_27

  • DOI: https://doi.org/10.1007/978-3-642-13315-2_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13314-5

  • Online ISBN: 978-3-642-13315-2

  • eBook Packages: Computer Science (R0)
