Attack Detection Method by Packet Analysis Using Online Learning Method and Correlation Change Method
Recently, information systems are used in universities and companies and have become essential to work. However, cyber-attacks, such as stealing confidential information, stopping systems and tampering with information, pose risks. Anomaly detection and misuse detection based on machine learning and statistical methods for network monitoring are
used as countermeasures against cyber-attacks. In this paper, we propose a structural change detection method. If abnormal traffic is monitored and discovered quickly, we can implement countermeasures before confidential information is stolen and serves are stopped. The proposed structural change detection method attempts to detect cyber-attack using structural changes. In addition, we propose an anomaly detection method to detect collapsed correlation via an attack on a network by structural change detection, where HTTP-DNS and syn-ack pairs are used as attributes. We conducted a experiment to evaluate the proposed structural change detection method. As a result, relative to availability and confidentiality, security can be reinforced.
Published in: World Congress on Sustainable Technologies (WCST-2019)
- Date of Conference: 9-11 December 2019
- DOI: 10.2053/ICITST.WorldCIS.WCST.WCICSS.2019.0011
- ISBN: 978-1-913572-06-8
- Conference Location: London, UK