A behavior-based online engine for detecting distributed cyber-attacks

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)


Distributed attacks have reportedly caused the most serious losses in recent years. Here, distributed attacks means those attacks conducted collaboratively by multiple hosts. How to detect distributed attacks has become one of the most important topics in the cyber security community. Many detection methods have been proposed, each of which, however, has its own weak points. For example, detection performance of information theory based methods strongly depends on the information theoretic measures and signature-based methods suffer from the fact that they can deal with neither new kinds of attacks nor new variants of existing attacks. Recently, behavior-based method has been attracting great attentions from many researchers and developers and it is thought as the most promising one. In behavior-based approaches, normal behavior modes are learned/extracted from past traffic data of the monitored network and are used to recognize anomalies in the future detection. In this paper, we explain how to implement an online behavior-based engine for detecting distributed cyber-attacks. Detection cases of our engine are also introduced and some actual attacks/incidents have been captured by our detection engine.

Original languageEnglish
Title of host publicationInformation Security Applications - 17th International Workshop, WISA 2016, Revised Selected Papers
EditorsDooho Choi, Sylvain Guilley
PublisherSpringer Verlag
Number of pages11
ISBN (Print)9783319565484
Publication statusPublished - Jan 1 2017
Event17th International Workshop on Information Security Applications, WISA 2016 - Jeju Island, Korea, Republic of
Duration: Aug 25 2016Aug 25 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10144 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other17th International Workshop on Information Security Applications, WISA 2016
Country/TerritoryKorea, Republic of
City Jeju Island

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'A behavior-based online engine for detecting distributed cyber-attacks'. Together they form a unique fingerprint.

Cite this