An exemplar-based learning approach for detection and classification of malicious network streams in honeynets

Variants of malware and exploits are emerging globally at an ever-increasing rate. There is a need to automate their detection by observing their footprints over network streams, but signature-based intrusion detection systems alone cannot cope with the dynamic nature of modern security threats. In this paper, we approach intrusion detection as a classification problem and describe a system using exemplar-based learning to correctly classify known classes of malware and to detect, learn and classify unknown malicious streams into classes. Copyright © 2013 John Wiley & Sons, Ltd.
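The scheme the abstract describes, as an added illustration that is not the paper's code: known classes are represented by stored exemplar streams, a new stream takes the class of its nearest exemplar, and a stream too far from every exemplar is flagged as unknown and immediately learned as a new class. The paper does not state its distance measure or threshold; normalized compression distance and a 0.5 cutoff are assumptions here, and the streams are constructed, not real captures.

```python
import random
import zlib

def ncd(a: bytes, b: bytes) -> float:
    """NCD: 0 = identical, ~1 = unrelated. Assumption: the paper fixes no metric; zlib NCD illustrates."""
    ca, cb = len(zlib.compress(a, 9)), len(zlib.compress(b, 9))
    return (len(zlib.compress(a + b, 9)) - min(ca, cb)) / max(ca, cb)

class ExemplarClassifier:
    """Stores representative streams (exemplars) per class. A stream takes the class of its
    nearest exemplar; beyond `threshold` it is an unknown class and becomes its first exemplar."""
    def __init__(self, threshold: float) -> None:
        self.threshold = threshold
        self.exemplars: list[tuple[str, bytes]] = []
        self.unknown_classes = 0

    def add_exemplar(self, label: str, stream: bytes) -> None:
        self.exemplars.append((label, stream))

    def classify(self, stream: bytes) -> tuple[str, bool]:
        """Returns (label, is_novel); novel streams spawn and learn a new class."""
        label, dist = min(((lbl, ncd(stream, ex)) for lbl, ex in self.exemplars),
                          key=lambda t: t[1], default=("", float("inf")))
        if dist <= self.threshold:
            return label, False
        self.unknown_classes += 1
        label = f"unknown-{self.unknown_classes}"
        self.add_exemplar(label, stream)  # learn the new class on the spot
        return label, True

def make_stream(family: bytes, seed: int, size: int = 160) -> bytes:
    """Constructed sample: a family tag plus deterministic pseudo-random payload bytes
    standing in for captured honeynet traffic (not real captures)."""
    rng = random.Random(seed)
    return family + bytes(rng.randrange(256) for _ in range(size))

def mutate(stream: bytes, positions: tuple[int, ...]) -> bytes:
    buf = bytearray(stream)  # a 'variant': the same stream with a few bytes altered
    for p in positions:
        buf[p] ^= 0x55
    return bytes(buf)

def run_demo() -> list[tuple[str, bool]]:
    clf = ExemplarClassifier(threshold=0.5)
    clf.add_exemplar("scanner-A", make_stream(b"FAM-A:", seed=1))
    clf.add_exemplar("bot-B", make_stream(b"FAM-B:", seed=2))
    variant_a = mutate(make_stream(b"FAM-A:", seed=1), (40, 90, 140))
    novel = make_stream(b"FAM-C:", seed=3)         # matches no stored exemplar
    later_variant = mutate(novel, (20, 70, 120))   # same new class, slightly changed
    return [clf.classify(s) for s in (variant_a, novel, later_variant)]
```

The third result shows the point of learning on the spot: the second variant of the unknown family is recognised as `unknown-1` without any signature having been written.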