Automatic Generation of Novel Intrusion Signatures Using One-Class Classifiers and Inductive Learning Methods (Technical Note)

Authors

Mahdi Abadi

Saeed Jalili

Abstract

In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in signature-based Network Intrusion Detection Systems (NIDSs) to automate the process of intrusion detection in these systems. In the proposed approach, the profile of normal network traffic is first established using several one-class classifiers. Then, in the detection phase, any traffic that does not match the known intrusion signatures and deviates from the established normal profile is detected as a novel intrusion. Using an inductive learning method, the signature of this novel intrusion is generated and the signature database is automatically updated. We evaluate our approach by performing experiments on the dataset provided by the DARPA Intrusion Detection Evaluation Program. The results of the experiments show that our proposed approach can be successfully used for automatic generation of novel intrusion signatures.


Related resources

Automatic generation of novel intrusion patterns using one-class classifiers and inductive learning methods

In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...


One-class Classification Methods via Automatic Counter-example Generation

Here we propose novel methods for the One-Class Classification task and examine their applicability. Essentially, these methods extend the training set – which contains only positive examples – with artificially generated counterexamples. After, a two-class classifier is used to separate them. In this paper following a description of the existing and the newly proposed methods some problematic ...


Uncertainty sampling methods for one-class classifiers

Selective sampling, a part of the active learning method, reduces the cost of labeling supplementary training data by asking for the labels only of the most informative, unlabeled examples. This additional information added to an initial, randomly chosen training set is expected to improve the generalization performance of a learning machine. We investigate some methods for a selection of the m...


On the comparison of keyword and semantic-context methods of learning new vocabulary meaning

The rationale behind the present study is that particular learning strategies produce more effective results when applied together. The present study tried to investigate the efficiency of the semantic-context strategy alone with a technique called, keyword method. To clarify the point, the current study sought to find answer to the following question: are the keyword and semantic-context metho...


The relationship between using language learning strategies, learners’ optimism, educational status, duration of learning and demotivation

With the growth of more humanistic approaches towards teaching foreign languages, more emphasis has been put on learners’ feelings, emotions and individual differences. One of the issues in teaching and learning English as a foreign language is demotivation. The purpose of this study was to investigate the relationship between the components of language learning strategies, optimism, duration o...


Combining One-Class Classifiers

In the problem of one-class classification target objects should be distinguished from outlier objects. In this problem it is assumed that only information of the target class is available while nothing is known about the outlier class. Like standard two-class classifiers, one-class classifiers hardly ever fit the data distribution perfectly. Using only the best classifier and discarding the cl...

