A Comprehensive Approach to Detect Unknown Attacks Via Intrusion Detection Alerts

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4846))

Abstract

Intrusion detection systems (IDS) play an important role in defending networks against cyber attacks. However, they still struggle to detect unknown attacks, i.e., 0-day attacks, so the central challenge in the intrusion detection field is how to identify such attacks precisely. This paper presents a novel approach that differs from traditional detection models built on raw traffic data: the proposed method extracts unknown activities from IDS alerts by applying data mining techniques. We evaluated the method on the log data of an IDS deployed at Kyoto University. Our experimental results show that it can extract unknown (or under-development) attacks from IDS alerts by assigning each alert a score that reflects how anomalous it is, and by visualizing the scored alerts.
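The abstract describes scoring IDS alerts by how anomalous they are and then visualizing the scored alerts, but the page does not reproduce the paper's algorithm or its Kyoto University data. The block below is an added illustration of that idea and is not the authors' method: it parses constructed Snort-style fast-format alert lines, reduces each alert to categorical features (signature ID, protocol, destination port), scores an alert by the summed self-information of those feature values under the empirical distribution of the whole alert set (so the alert whose profile is rarest scores highest), and renders the ranking as a text bar chart. The signature IDs, rule messages and addresses are made up for the example.

```python
import math
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample input in Snort "fast" alert format. The signature IDs
# (1000001 and up), messages and RFC 5737 addresses are made up for this
# illustration; they are not rules or traffic from the paper.
SAMPLE_ALERTS = """\
08/14-10:01:02.000001  [**] [1:1000001:1] SCAN TCP SYN portscan [**] [Priority: 3] {TCP} 203.0.113.5:40001 -> 192.0.2.10:80
08/14-10:01:03.000002  [**] [1:1000001:1] SCAN TCP SYN portscan [**] [Priority: 3] {TCP} 203.0.113.6:40002 -> 192.0.2.11:80
08/14-10:01:04.000003  [**] [1:1000001:1] SCAN TCP SYN portscan [**] [Priority: 3] {TCP} 203.0.113.7:40003 -> 192.0.2.12:80
08/14-10:01:05.000004  [**] [1:1000001:1] SCAN TCP SYN portscan [**] [Priority: 3] {TCP} 203.0.113.8:40004 -> 192.0.2.13:80
08/14-10:01:06.000005  [**] [1:1000001:1] SCAN TCP SYN portscan [**] [Priority: 3] {TCP} 203.0.113.9:40005 -> 192.0.2.14:80
08/14-10:02:10.000006  [**] [1:1000002:1] WEB suspicious URI [**] [Priority: 2] {TCP} 198.51.100.20:51000 -> 192.0.2.10:80
08/14-10:02:11.000007  [**] [1:1000002:1] WEB suspicious URI [**] [Priority: 2] {TCP} 198.51.100.21:51001 -> 192.0.2.10:80
08/14-10:03:00.000008  [**] [1:1000003:1] RPC fragmented request [**] [Priority: 1] {TCP} 198.51.100.99:60000 -> 192.0.2.50:135
"""

# Fast-format line: timestamp, [gid:sid:rev], message, optional
# classification, priority, {proto}, src:port -> dst:port. ICMP alerts
# carry no ports and would not match this pattern; they are skipped.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+(?:\[Classification:[^\]]*\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


class Alert(NamedTuple):
    ts: str
    sid: int
    msg: str
    proto: str
    src: str
    dst: str
    dport: int


def parse_alerts(text: str) -> list[Alert]:
    """Parse fast-format alert lines; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT_RE.match(line.strip())
        if m is None:
            continue
        alerts.append(Alert(m["ts"], int(m["sid"]), m["msg"], m["proto"],
                            m["src"], m["dst"], int(m["dport"])))
    return alerts


# Categorical features each alert is reduced to. The score of an alert is the
# sum over these features of -log2 P(value), with P taken from the empirical
# distribution of the alert set, i.e. the self-information of its profile.
FEATURES = ("sid", "proto", "dport")


def anomaly_scores(alerts: list[Alert]) -> list[float]:
    """One score per alert, in input order; higher means rarer profile."""
    n = len(alerts)
    counts = {f: Counter(getattr(a, f) for a in alerts) for f in FEATURES}
    return [
        sum(-math.log2(counts[f][getattr(a, f)] / n) for f in FEATURES)
        for a in alerts
    ]


def rank_alerts(text: str) -> list[tuple[float, Alert]]:
    """Return (score, alert) pairs, most anomalous first."""
    alerts = parse_alerts(text)
    scored = list(zip(anomaly_scores(alerts), alerts))
    scored.sort(key=lambda p: p[0], reverse=True)
    return scored


def text_chart(ranked: list[tuple[float, Alert]], width: int = 30) -> list[str]:
    """One bar per alert, longest bar = most anomalous: a minimal stand-in
    for the scored-alert visualization the abstract mentions."""
    top = max(s for s, _ in ranked) or 1.0
    return [f"{s:5.2f} {'#' * int(round(width * s / top)):<{width}} "
            f"{a.sid} {a.msg} {a.src}->{a.dst}:{a.dport}"
            for s, a in ranked]


if __name__ == "__main__":
    for line in text_chart(rank_alerts(SAMPLE_ALERTS)):
        print(line)
```

On the constructed input the single RPC alert to port 135 ranks first with a score of 6.0 bits (its signature and destination port each appear once in eight alerts), the two web alerts follow, and the five portscan alerts that make up most of the set score lowest. Treating features as independent keeps the model transparent, but it also means a common signature against an unusual port and an unusual signature against a common port are scored the same way; a practitioner would normally add joint features (for example the signature and destination port pair) or a time window so that a burst of one rare signature does not stay rare forever.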

Editor information

Iliano Cervesato

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Song, J., Ohba, H., Takakura, H., Okabe, Y., Ohira, K., Kwon, Y. (2007). A Comprehensive Approach to Detect Unknown Attacks Via Intrusion Detection Alerts. In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_23

  • DOI: https://doi.org/10.1007/978-3-540-76929-3_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76927-9

  • Online ISBN: 978-3-540-76929-3