A parameterless learning algorithm for behavior-based detection

Can Wang, Yaokai Feng, Junpei Kawamoto, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., History traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameter less learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.

Original languageEnglish
Title of host publicationProceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages11-18
Number of pages8
ISBN (Electronic)9781479957330
DOIs
Publication statusPublished - Jan 26 2014
Event2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014 - Wuchang, Wuhan, China
Duration: Sep 4 2014Sep 5 2014

Publication series

NameProceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014

Other

Other2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014
CountryChina
CityWuchang, Wuhan
Period9/4/149/5/14

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'A parameterless learning algorithm for behavior-based detection'. Together they form a unique fingerprint.

  • Cite this

    Wang, C., Feng, Y., Kawamoto, J., Hori, Y., & Sakurai, K. (2014). A parameterless learning algorithm for behavior-based detection. In Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014 (pp. 11-18). [7023233] (Proceedings - 2014 9th Asia Joint Conference on Information Security, AsiaJCIS 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/AsiaJCIS.2014.29