
Proceedings Paper

Intrusion signature creation via clustering anomalies

Paper Abstract

Current practices for combating cyber attacks typically use Intrusion Detection Systems (IDSs) to detect and block multistage attacks. Because of the speed and impact of new types of cyber attacks, current IDSs are limited in providing accurate detection while reliably adapting to new attacks. In signature-based IDSs, this limitation is made apparent by the latency from day zero of an attack to the creation of an appropriate signature. This work hypothesizes that this latency can be shortened by creating signatures via anomaly-based algorithms. A hybrid supervised and unsupervised clustering algorithm is proposed for new signature creation. Signatures created in real time would take effect immediately, ideally detecting new attacks. This work first investigates a modified density-based clustering algorithm as an IDS, identifying its strengths and weaknesses. A signature creation algorithm leveraging the summarizing ability of clustering is then investigated. Lessons learned from supervised signature creation are then leveraged for the development of unsupervised real-time signature classification. Automating signature creation and classification via clustering is demonstrated as satisfactory but with limitations.
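The abstract describes the pipeline only at a high level: cluster flow features with a density-based algorithm, decide which clusters are attacks (by analyst labels where available, otherwise unsupervised), and summarize each attack cluster into a signature that can be matched against new traffic. The following is an added example of that pipeline written for this page; it is not the authors' algorithm or code, and the paper's modified clustering method, feature set and classification rules may differ. It uses plain DBSCAN, a per-feature min/max bounding box as the "summary" of a cluster, and a constructed set of flow records whose three features (packets per second, mean payload bytes divided by 100, SYN ratio) and scales are assumptions for the demo.

```python
"""Signature creation from clustered anomalies: added illustration, not the paper's code."""
import math
from collections import defaultdict

# Constructed per-flow feature vectors: (packets_per_sec, mean_payload_bytes / 100, syn_ratio).
FLOWS = [
    # ordinary web traffic: modest rate, real payloads, few bare SYNs
    (1.0, 5.0, 0.10), (1.5, 5.5, 0.20), (2.0, 6.0, 0.10),
    (1.2, 6.5, 0.30), (2.5, 7.0, 0.20), (1.8, 7.5, 0.10),
    # a burst of tiny, SYN-heavy flows (what an analyst would label as an attack)
    (9.0, 0.1, 0.95), (9.5, 0.2, 0.98), (10.0, 0.0, 1.00),
    (9.2, 0.3, 0.90), (9.8, 0.1, 0.97),
    # two isolated oddities: too sparse to form a cluster, so they stay noise
    (5.0, 3.0, 0.50), (6.0, 9.0, 0.40),
]
# Supervised side: an analyst has labelled a few flows (index -> label). Constructed.
KNOWN_LABELS = {0: "normal", 3: "normal", 7: "attack"}


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def dbscan(points, eps, min_pts):
    """Plain DBSCAN (min_pts counts the point itself). Returns a cluster id per point; -1 is noise."""
    n = len(points)
    labels = [None] * n

    def neighbours(i):
        return [j for j in range(n) if dist(points[i], points[j]) <= eps]

    cid = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        nb = neighbours(i)
        if len(nb) < min_pts:
            labels[i] = -1            # provisional noise; may be claimed later as a border point
            continue
        labels[i] = cid
        queue = [j for j in nb if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cid       # border point reached from a core point
            if labels[j] is not None:
                continue
            labels[j] = cid
            nbj = neighbours(j)
            if len(nbj) >= min_pts:   # j is a core point: keep expanding through it
                queue.extend(k for k in nbj if labels[k] is None or labels[k] == -1)
        cid += 1
    return labels


def classify_clusters(points, labels, known, eps):
    """Hybrid rule (this example's heuristic): a cluster takes any analyst label it contains;
    an unlabelled cluster is called an attack when its centroid is far from the largest
    cluster, which is assumed to be benign background traffic."""
    members = defaultdict(list)
    for i, c in enumerate(labels):
        if c != -1:
            members[c].append(i)
    dims = range(len(points[0]))
    centroid = {c: tuple(sum(points[i][d] for i in idx) / len(idx) for d in dims)
                for c, idx in members.items()}
    biggest = max(members, key=lambda c: len(members[c]))
    verdict = {}
    for c, idx in members.items():
        votes = {known[i] for i in idx if i in known}
        if "attack" in votes:
            verdict[c] = "attack"
        elif "normal" in votes:
            verdict[c] = "normal"
        else:
            verdict[c] = "attack" if dist(centroid[c], centroid[biggest]) > 3 * eps else "normal"
    return verdict, members


def make_signature(points, idx, pad):
    """Summarise a cluster as per-feature [min - pad, max + pad] bounds."""
    dims = range(len(points[0]))
    return tuple((min(points[i][d] for i in idx) - pad,
                  max(points[i][d] for i in idx) + pad) for d in dims)


def matches(signature, flow):
    """A flow matches when every feature falls inside the signature's bounds."""
    return all(lo <= x <= hi for (lo, hi), x in zip(signature, flow))


def build_signatures(points, known, eps=1.5, min_pts=3):
    """Cluster, classify, and emit one signature per attack cluster."""
    labels = dbscan(points, eps, min_pts)
    verdict, members = classify_clusters(points, labels, known, eps)
    sigs = [make_signature(points, members[c], pad=eps / 2)
            for c in sorted(members) if verdict[c] == "attack"]
    return labels, sigs


if __name__ == "__main__":
    labels, sigs = build_signatures(FLOWS, KNOWN_LABELS)
    print("cluster ids:", labels)
    for s in sigs:
        print("signature bounds:", s, "matches new flood flow:", matches(s, (9.4, 0.15, 0.93)))
```

The two noise points never yield a signature, which is the practical point of using density: a single strange flow is not enough evidence to publish a rule. The bounding-box summary is the simplest possible signature and will over-match as soon as an attacker spreads one feature; tightening it (tighter padding, or a per-feature tolerance derived from the cluster's own spread) is the kind of limitation the abstract alludes to.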

Paper Details

Date Published: 17 March 2008
PDF: 12 pages
Proc. SPIE 6973, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, 69730C (17 March 2008); doi: 10.1117/12.775886
Gilbert R. Hendry, Rochester Institute of Technology (United States)
Shanchieh J. Yang, Rochester Institute of Technology (United States)


Published in SPIE Proceedings Vol. 6973:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008
William J. Tolone; William Ribarsky, Editor(s)
