A behavior-based online engine for detecting distributed cyber-attacks

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Distributed attacks have reportedly caused the most serious losses in recent years. Here, distributed attacks are attacks conducted collaboratively by multiple hosts. How to detect distributed attacks has become one of the most important topics in the cyber security community. Many detection methods have been proposed, each of which, however, has its own weak points. For example, the detection performance of information-theory-based methods strongly depends on the information-theoretic measures, and signature-based methods suffer from the fact that they can deal with neither new kinds of attacks nor new variants of existing attacks. Recently, behavior-based methods have been attracting great attention from many researchers and developers and are thought to be the most promising. In behavior-based approaches, normal behavior modes are learned/extracted from past traffic data of the monitored network and are used to recognize anomalies in future detection. In this paper, we explain how to implement an online behavior-based engine for detecting distributed cyber-attacks. Detection cases of our engine are also introduced, and some actual attacks/incidents have been captured by our detection engine.

Original language: English
Title of host publication: Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers
Editors: Dooho Choi, Sylvain Guilley
Publisher: Springer Verlag
Pages: 79-89
Number of pages: 11
ISBN (Print): 9783319565484
DOIs: https://doi.org/10.1007/978-3-319-56549-1_7
Publication status: Published - Jan 1 2017
Event: 17th International Workshop on Information Security Applications, WISA 2016 - Jeju Island, Korea, Republic of
Duration: Aug 25 2016 to Aug 25 2016

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10144 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 17th International Workshop on Information Security Applications, WISA 2016
Country: Korea, Republic of
City: Jeju Island
Period: 8/25/16 to 8/25/16

Fingerprint

Engine
Attack
Engines
Information theory
Information Theory
Anomaly
Signature
Traffic

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Feng, Y., Hori, Y., & Sakurai, K. (2017). A behavior-based online engine for detecting distributed cyber-attacks. In D. Choi, & S. Guilley (Eds.), Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers (pp. 79-89). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10144 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-56549-1_7
