A parameterless learning algorithm for behavior-based detection

Can Wang, Yaokai Feng, Junpei Kawamoto, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The frequency and extent of damage caused by network attacks have increased greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the network security community. Thus, how to quickly detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., historical traffic) to detect new attacks, have attracted attention from many researchers. Every such strategy requires a learning algorithm, which plays a key role. Whether the learning algorithm can properly extract the normal behavior modes directly influences the detection result. However, existing learning algorithms require some parameters to be determined in advance, which is not easy, or even not feasible, in many actual applications. For example, even the newest learning algorithm, called the FHST learning algorithm in this study, uses two parameters that are difficult to determine in advance. In this study, we propose, for the first time, a parameterless learning algorithm, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the learning algorithm proposed in this study is designed for detecting port scans, it can obviously also be used for other behavior-based detection.

Original language: English
Title of host publication: Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 11-18
Number of pages: 8
ISBN (Electronic): 9781479957330
DOI: https://doi.org/10.1109/AsiaJCIS.2014.29
Publication status: Published - Jan 26 2014
Event: 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014 - Wuchang, Wuhan, China
Duration: Sep 4 2014 to Sep 5 2014

Publication series

Name: Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014

Other

Other: 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
Country: China
City: Wuchang, Wuhan
Period: 9/4/14 to 9/5/14

Fingerprint

Learning algorithms
Network security
Experiments

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Wang, C., Feng, Y., Kawamoto, J., Hori, Y., & Sakurai, K. (2014). A parameterless learning algorithm for behavior-based detection. In Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014 (pp. 11-18). [7023233] (Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/AsiaJCIS.2014.29
