Abstract
This paper proposes new cognitive algorithms and mechanisms for detecting 0day attacks that target the Internet, its communication performance and its traffic behavior. To this end, the work relies on machine learning techniques able to autonomously derive traffic models and new attack signatures whenever new attacks are detected, characterized and classified as such. The ultimate goal is to deploy new defense strategies instantaneously when a new 0day attack is encountered, thanks to an autonomous cognitive system. The algorithms and mechanisms are validated through extensive experiments on real traffic traces captured on the Renater network and on a WIDE transpacific link between Japan and the USA.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Owezarski, P., Mazel, J., Labit, Y. (2010). 0day Anomaly Detection Made Possible Thanks to Machine Learning. In: Osipov, E., Kassler, A., Bohnert, T.M., Masip-Bruin, X. (eds) Wired/Wireless Internet Communications. WWIC 2010. Lecture Notes in Computer Science, vol 6074. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13315-2_27
DOI: https://doi.org/10.1007/978-3-642-13315-2_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13314-5
Online ISBN: 978-3-642-13315-2
eBook Packages: Computer Science (R0)