Zero-day Attack Identification in Streaming data: Nearest Neighbor Heuristics and Dynamic Semantic Network Generation in the Spark eco-system

Date

2017-01-01

Department

Information Systems

Program

Information Systems

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.

Abstract

Intrusion Detection Systems (IDSs) have been in existence for many years, but they fall short in efficiently detecting zero-day attacks. Over the past decade, anomaly detection has attracted the attention of numerous researchers seeking to overcome the shortcomings of IDSs in detecting zero-day attacks. In this research, we design an organic combination of Semantic Link Networks (SLN) and dynamic graph generation for detecting zero-day attacks on the fly, integrated into one comprehensive system. Furthermore, to deal with increasing volumes of network traffic and improve the efficiency of full packet analysis, we employ the Spark Streaming platform for parallel detection. To substantiate the performance of the zero-day attack detection process, we calculate the relevance of each feature in the KDD'99 intrusion detection datasets. Compared to previous studies on zero-day attack identification, we observed comparably good results, as we employ semantic learning and reasoning on top of the training data together with collaborative classification methods.