A hybrid layered architecture for detection and analysis of network based Zero-day attack

Saurabh Singh; Pradip Kumar Sharma; Seo Yeon Moon; Jong Hyuk Park

doi:10.1016/j.comcom.2017.01.019

A hybrid layered architecture for detection and analysis of network based Zero-day attack

Saurabh Singh, Pradip Kumar Sharma, Seo Yeon Moon, Jong Hyuk Park

Dept. of Computer Science and Engineering

Seoul National University of Science and Technology (SNUST)

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

A Zero-day (0-day) susceptibility is an undisclosed computer software or application vulnerability that could be exploited to affect hardware, applications, data, or networks negatively. The main objectives of a Zero-day attack are for hackers or attackers to be able steal sensitive information, legal documents, enterprises data, and other information. We have analyzed the lifecycle of Zero-day vulnerabilities and different detection methodologies. In this paper, we propose a novel hybrid layered architecture framework for Zero-day attack detection and analysis in real-time, which is based on statistics, signatures, and behavior techniques. To enhance our architecture, we used an SVM approach in order to provide unsupervised learning and minimize false alarm detection capabilities.

Original language	English
Pages (from-to)	100-106
Number of pages	7
Journal	Computer Communications
Volume	106
DOIs	https://doi.org/10.1016/j.comcom.2017.01.019
State	Published - 1 Jul 2017

Keywords

Anomaly behavior
Exploit
Support vector machine
Zero-day attacks

Access to Document

10.1016/j.comcom.2017.01.019

Cite this

@article{b7062b5905d5400aa1b5a6dc16d4b847,

title = "A hybrid layered architecture for detection and analysis of network based Zero-day attack",

abstract = "A Zero-day (0-day) susceptibility is an undisclosed computer software or application vulnerability that could be exploited to affect hardware, applications, data, or networks negatively. The main objectives of a Zero-day attack are for hackers or attackers to be able steal sensitive information, legal documents, enterprises data, and other information. We have analyzed the lifecycle of Zero-day vulnerabilities and different detection methodologies. In this paper, we propose a novel hybrid layered architecture framework for Zero-day attack detection and analysis in real-time, which is based on statistics, signatures, and behavior techniques. To enhance our architecture, we used an SVM approach in order to provide unsupervised learning and minimize false alarm detection capabilities.",

keywords = "Anomaly behavior, Exploit, Support vector machine, Zero-day attacks",

author = "Saurabh Singh and Sharma, \{Pradip Kumar\} and Moon, \{Seo Yeon\} and Park, \{Jong Hyuk\}",

note = "Publisher Copyright: {\textcopyright} 2017",

year = "2017",

month = jul,

day = "1",

doi = "10.1016/j.comcom.2017.01.019",

language = "English",

volume = "106",

pages = "100--106",

journal = "Computer Communications",

issn = "0140-3664",

}

TY - JOUR

T1 - A hybrid layered architecture for detection and analysis of network based Zero-day attack

AU - Singh, Saurabh

AU - Sharma, Pradip Kumar

AU - Moon, Seo Yeon

AU - Park, Jong Hyuk

PY - 2017/7/1

Y1 - 2017/7/1

N2 - A Zero-day (0-day) susceptibility is an undisclosed computer software or application vulnerability that could be exploited to affect hardware, applications, data, or networks negatively. The main objectives of a Zero-day attack are for hackers or attackers to be able steal sensitive information, legal documents, enterprises data, and other information. We have analyzed the lifecycle of Zero-day vulnerabilities and different detection methodologies. In this paper, we propose a novel hybrid layered architecture framework for Zero-day attack detection and analysis in real-time, which is based on statistics, signatures, and behavior techniques. To enhance our architecture, we used an SVM approach in order to provide unsupervised learning and minimize false alarm detection capabilities.

AB - A Zero-day (0-day) susceptibility is an undisclosed computer software or application vulnerability that could be exploited to affect hardware, applications, data, or networks negatively. The main objectives of a Zero-day attack are for hackers or attackers to be able steal sensitive information, legal documents, enterprises data, and other information. We have analyzed the lifecycle of Zero-day vulnerabilities and different detection methodologies. In this paper, we propose a novel hybrid layered architecture framework for Zero-day attack detection and analysis in real-time, which is based on statistics, signatures, and behavior techniques. To enhance our architecture, we used an SVM approach in order to provide unsupervised learning and minimize false alarm detection capabilities.

KW - Anomaly behavior

KW - Exploit

KW - Support vector machine

KW - Zero-day attacks

UR - http://www.scopus.com/inward/record.url?scp=85019073233&partnerID=8YFLogxK

U2 - 10.1016/j.comcom.2017.01.019

DO - 10.1016/j.comcom.2017.01.019

M3 - Article

AN - SCOPUS:85019073233

SN - 0140-3664

VL - 106

SP - 100

EP - 106

JO - Computer Communications

JF - Computer Communications

ER -

A hybrid layered architecture for detection and analysis of network based Zero-day attack

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this