论文信息 - Clustering toward detecting cyber attacks

Clustering toward detecting cyber attacks

Several anomaly methods have been proposed to cope with the recent booming of HTTP-related vulnerabilities which renders the security breaches of lots of vital HTTP-based services on the internet. This paper proposes a novel bottom-up agglomerative clustering method which not only spares the nuisance of a learning process that involves a big amount of manual sample taggings, but also presents a much stronger adaptiveness in being able to coping with variant situations and in detecting new samples.

[1] Roy T. Fielding,et al. Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.

[2] Robert A. Martin,et al. Vulnerability Type Distributions in CVE , 2007 .

[3] Sergio M. Savaresi,et al. Unsupervised learning techniques for an intrusion detection system , 2004, SAC '04.

[4] Richard Lippmann,et al. Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation , 2000, Recent Advances in Intrusion Detection.

[5] Klaus Julisch,et al. Clustering intrusion detection alarms to support root cause analysis , 2003, TSEC.

[6] Christopher Krügel,et al. Anomaly detection of web-based attacks , 2003, CCS '03.

[7] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[8] Tim Berners-Lee,et al. Hypertext transfer protocol--http/i , 1993 .

[9] Hervé Debar,et al. Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[10] Hajime Inoue,et al. Comparing Anomaly Detection Techniques for HTTP , 2007, RAID.