Automatic Generation of Novel Intrusion Signatures Using One-Class Classifiers and Inductive Learning Methods (Technical note)

Abstract

In this paper, we propose an approach for the automatic generation of novel intrusion signatures. The approach can be used in signature-based Network Intrusion Detection Systems (NIDSs) to automate the process of intrusion detection in these systems. In the proposed approach, the profile of normal network traffic is first established using several one-class classifiers. Then, in the detection phase, any traffic that does not match the known intrusion signatures and deviates from the established normal profile is detected as a novel intrusion. Using an inductive learning method, the signature of this novel intrusion is generated and the signature database is automatically updated. We evaluate our approach by performing experiments on the dataset provided by the DARPA Intrusion Detection Evaluation Program. The experimental results show that our proposed approach can be successfully used for the automatic generation of novel intrusion signatures.

Keywords