Towards modeling and detection of polymorphic network attacks using grammar based learning with Support Vector Machines

Bibliographic Details
Main Authors: Evans, S.C., Weizhong Yan, Scholz, B.J., Barnett, B., Markham, T.S., Impson, J., Steinbrecher, E.
Format: Conference Proceeding
Language: English
Description
Summary: Polymorphic attacks threaten to make many intrusion detection schemes ineffective. In order to address the threat of advanced attacks, model-based techniques are required. In this paper we improve our Grammar Based Modeling techniques to be more resilient to attacks that change in form by using advanced classification techniques. Similarity distances from known models are input as features to Support Vector Machines and other advanced classification techniques to provide improved classification performance. Results indicate promise for intrusion detection and response against polymorphic attacks with minimal false alarms.
ISSN: 2155-7578, 2155-7586
DOI: 10.1109/MILCOM.2009.5380008