Learn More
Detection of cyber-attacks is a major responsibility for network managers and security specialists. Most existing Network Intrusion Detection systems rely on inspecting individual packets, an increasingly resource consuming task in today's high speed networks due to the overhead associated with accessing packet content. An alternative approach is to detect(More)
There is a considerable interest in developing techniques to detect zero-day (unknown) cyber-attacks, and considering context is a promising approach. This paper describes a contextual misuse approach combined with an anomaly detection technique to detect zero-day cyber attacks. The contextual misuse detection utilizes similarity with attack context(More)
Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of(More)
Intrusion Detection Systems (IDSs) have been developed for many years, but in general they fall short in efficiently detecting zero-day attacks. A promising approach to this problem is to apply linear data transformation and anomaly detection techniques on top of known attack signatures that convey contextual properties. The linear data transformation(More)