TY - GEN
T1 - A parameterless learning algorithm for behavior-based detection
AU - Wang, Can
AU - Feng, Yaokai
AU - Kawamoto, Junpei
AU - Hori, Yoshiaki
AU - Sakurai, Kouichi
N1 - Publisher Copyright:
© 2014 IEEE.
Copyright:
Copyright 2015 Elsevier B.V., All rights reserved.
PY - 2014/1/26
Y1 - 2014/1/26
N2 - The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.
AB - The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.
UR - http://www.scopus.com/inward/record.url?scp=84946686980&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84946686980&partnerID=8YFLogxK
U2 - 10.1109/AsiaJCIS.2014.29
DO - 10.1109/AsiaJCIS.2014.29
M3 - Conference contribution
AN - SCOPUS:84946686980
T3 - Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
SP - 11
EP - 18
BT - Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
Y2 - 4 September 2014 through 5 September 2014
ER -