ON THE DETECTION OF NOVEL ATTACKS USING BEHAVIORAL APPROACHES

Benferhat Salem, Tabia Karim

2008

Abstract

In recent years, behavioral approaches, representing normal/abnormal activities, have been widely used in intrusion detection. However, they are ineffective at detecting novel attacks involving new behaviors. This paper first analyzes and explains this recurring problem, which is due on the one hand to inadequate handling of anomalous and unusual audit events and on the other hand to insufficient decision rules that do not meet behavioral approach objectives. We then propose to enhance the standard classification rules in order to fit behavioral approach requirements and detect novel attacks. Experimental studies carried out on real and simulated HTTP traffic show that these enhanced decision rules make it possible to detect most novel attacks without triggering higher false alarm rates.


Paper Citation


in Harvard Style

Salem B. and Karim T. (2008). ON THE DETECTION OF NOVEL ATTACKS USING BEHAVIORAL APPROACHES. In Proceedings of the Third International Conference on Software and Data Technologies - Volume 1: ICSOFT, ISBN 978-989-8111-51-7, pages 265-272. DOI: 10.5220/0001894302650272

in Bibtex Style

@conference{icsoft08,
author={Benferhat Salem and Tabia Karim},
title={ON THE DETECTION OF NOVEL ATTACKS USING BEHAVIORAL APPROACHES},
booktitle={Proceedings of the Third International Conference on Software and Data Technologies - Volume 1: ICSOFT},
year={2008},
pages={265-272},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001894302650272},
isbn={978-989-8111-51-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Third International Conference on Software and Data Technologies - Volume 1: ICSOFT
TI - ON THE DETECTION OF NOVEL ATTACKS USING BEHAVIORAL APPROACHES
SN - 978-989-8111-51-7
AU - Salem B.
AU - Karim T.
PY - 2008
SP - 265
EP - 272
DO - 10.5220/0001894302650272