2018 IEEE International Conference on Communications (ICC) 2018
DOI: 10.1109/icc.2018.8422622
An Adaptive Real-Time Architecture for Zero-Day Threat Detection

Cited by 37 publications (26 citation statements); references 17 publications.

“…Up to now, most companies rely on signature-based IDSs as they are expressive and understandable by network administrators. Nevertheless, they are not able to detect zero-day attacks, i.e., attacks exploiting unknown vulnerabilities, for which no patch is available [28]. Anomaly-based approaches attempt to detect zero-day attacks, in addition to known ones. They model the normal network traffic and qualify an anomaly as a significant deviation from it, with statistical or machine learning techniques.…”
Section: Intrusion Detection Methodologies; citation type: mentioning; confidence: 99%
“…Improvements of the NSL-KDD over KDD 99 are the elimination of redundant and duplicate samples, to avoid a biased classification and overfitting, and a better cross-class balancing to avoid random selection. The second dataset is the GTA/UFRJ that combines real network traffic captured from a laboratory and network threats produced in a controlled environment. Network traffic is abstracted in 26 features and contains three classes, DoS, probe, and normal traffic.…”
Section: Catraca Evaluation; citation type: mentioning; confidence: 99%
“…Tables , and show the confusion matrix of the three evaluated datasets. We consider a network flow sampling as a sliding window of 2 s duration since Lobato et al. suggest that it is the best trade-off between classification accuracy and decision latency. The confusion matrix specifies the rate of false positives and other metrics of each class in the test data set.…”
Section: Catraca Evaluation; citation type: mentioning; confidence: 99%
“…The improvements of the NSL-KDD over KDD 99 are the elimination of redundant and duplicate samples, to avoid a biased classification and overfitting, and a better cross-class balancing to avoid random selection. GTA/UFRJ dataset 2 [28] combines real network traffic captured from a laboratory and network threats produced in a controlled environment. Network traffic is abstracted in 26 features and contains three classes, DoS, probe and normal traffic.…”
Section: B. The Proposed Correlation-based Feature Selection; citation type: mentioning; confidence: 99%