TY - GEN
T1 - A behavior-based online engine for detecting distributed cyber-attacks
AU - Feng, Yaokai
AU - Hori, Yoshiaki
AU - Sakurai, Kouichi
PY - 2017/1/1
Y1 - 2017/1/1
N2 - Distributed attacks have reportedly caused the most serious losses in recent years. Here, distributed attacks mean attacks conducted collaboratively by multiple hosts. How to detect distributed attacks has become one of the most important topics in the cyber security community. Many detection methods have been proposed, each of which, however, has its own weak points. For example, the detection performance of information-theory-based methods depends strongly on the chosen information-theoretic measures, and signature-based methods suffer from the fact that they can deal with neither new kinds of attacks nor new variants of existing attacks. Recently, behavior-based methods have been attracting great attention from many researchers and developers and are thought to be the most promising approach. In behavior-based approaches, normal behavior modes are learned/extracted from past traffic data of the monitored network and are used to recognize anomalies during future detection. In this paper, we explain how to implement an online behavior-based engine for detecting distributed cyber-attacks. Detection cases of our engine are also introduced, and some actual attacks/incidents have been captured by our detection engine.
UR - http://www.scopus.com/inward/record.url?scp=85017654390&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85017654390&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-56549-1_7
DO - 10.1007/978-3-319-56549-1_7
M3 - Conference contribution
AN - SCOPUS:85017654390
SN - 9783319565484
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 79
EP - 89
BT - Information Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers
A2 - Choi, Dooho
A2 - Guilley, Sylvain
PB - Springer Verlag
T2 - 17th International Workshop on Information Security Applications, WISA 2016
Y2 - 25 August 2016 through 25 August 2016
ER -