

Talks and poster presentations (with proceedings entry):

P. Frühwirt, S. Schrittwieser, E. Weippl:
"Using machine learning techniques for traffic classification and preliminary surveying of an attackers profile";
Talk: ASE International Conference on Privacy, Security, Risk and Trust (PASSAT), Cambridge, MA, USA; 14.12.2014 - 16.12.2014; in: "International Conference on Privacy, Security, Risk and Trust", (2014).

Abstract (English):
The increasing complexity of systems brings up new attack vectors, and it is therefore easier to compromise systems. A defender of a system is often forced to quickly assess the situation and develop an appropriate defense strategy. The most common way to protect one's own network is an Intrusion Detection System (IDS). IDS detect attacks either using predefined, static signatures or based on the behavior of users. Existing systems are inflexible due to static and often stale signatures and thus can be easily bypassed by attackers.

This paper on the one hand presents the theoretical concepts of detection of attackers and extends existing attack mitigation approaches by machine learning mechanisms, which can be used during security exercises/challenges like the UCSB International Capture The Flag (iCTF). By improving and combining static signatures with machine learning approaches, a new technique of attack detection called "Classification Voting" was developed, which reduces the number of false positive alerts in a production environment. Our approach allows the generation of signatures without dedicated domain knowledge by guided manual classification of detected network packets. Based on machine learning, new packets can be further classified using the generated model. At the same time, the existing models of other signatures can be improved by adding new packets.
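The idea the abstract sketches (a static signature and a machine-learned packet model each cast a vote, only agreement raises an alert, disagreement is queued for guided manual classification, and the analyst's labels are fed back into the model) is illustrated below as an added example. It is not code from the paper or from the page, and it is not the paper's "Classification Voting" algorithm, whose details the page does not give: the SQL-injection signature, the naive Bayes classifier over payload tokens, the three-way vote and all HTTP payloads are constructed for this illustration.

```python
"""Added illustration of signature/classifier voting for IDS alerts.

NOT the paper's "Classification Voting" algorithm (the page gives no details
of it). It only shows the idea from the abstract: a static signature and a
packet classifier each vote, agreement raises an alert, disagreement is
queued for manual classification, and analyst labels refine the model.
All payloads are constructed samples, not captured traffic.
"""
import math
import re
from collections import Counter, defaultdict

# Hypothetical static IDS rule for SQL injection (constructed for this example).
SIGNATURE = re.compile(rb"(?i)(union[\s+]+select|'[\s+]*or[\s+]+1=1|sleep\()")


def tokens(payload: bytes) -> list:
    """Classifier features: lower-cased alphabetic runs (>= 2 chars) in the payload."""
    return re.findall(rb"[a-z']{2,}", payload.lower())


class PacketClassifier:
    """Multinomial naive Bayes over payload tokens with Laplace smoothing.

    Packets can be added at any time, which is what lets analyst feedback
    refine the model after it has been deployed.
    """

    def __init__(self):
        self.class_counts = Counter()             # label -> packets seen
        self.token_counts = defaultdict(Counter)  # label -> token -> count
        self.vocab = set()

    def add(self, payload: bytes, label: str) -> None:
        """Record one manually classified packet."""
        self.class_counts[label] += 1
        for tok in tokens(payload):
            self.token_counts[label][tok] += 1
            self.vocab.add(tok)

    def predict(self, payload: bytes) -> str:
        """Return the label with the highest log posterior for the payload."""
        total = sum(self.class_counts.values())
        best_label, best_lp = None, -math.inf
        for label, n_packets in self.class_counts.items():
            lp = math.log(n_packets / total)
            denom = sum(self.token_counts[label].values()) + len(self.vocab)
            for tok in tokens(payload):
                lp += math.log((self.token_counts[label][tok] + 1) / denom)
            if lp > best_lp:
                best_label, best_lp = label, lp
        return best_label


def vote(payload: bytes, clf: PacketClassifier) -> str:
    """Combine the signature vote and the classifier vote.

    'alert'  : both flag the packet
    'review' : they disagree; queue for guided manual classification
    'benign' : neither flags the packet
    """
    sig_hit = SIGNATURE.search(payload) is not None
    ml_hit = clf.predict(payload) == "attack"
    if sig_hit and ml_hit:
        return "alert"
    if sig_hit or ml_hit:
        return "review"
    return "benign"


# Constructed training packets, as an analyst might label them during an exercise.
TRAINING = [
    (b"GET /item?id=1 UNION SELECT username,password FROM users-- HTTP/1.1", "attack"),
    (b"GET /login?user=admin' OR 1=1-- HTTP/1.1", "attack"),
    (b"GET /item?id=1; SELECT sleep(10) HTTP/1.1", "attack"),
    (b"POST /forum/post HTTP/1.1 title=Weekend+plans body=Hiking+on+Saturday,+anyone?", "benign"),
    (b"POST /forum/post HTTP/1.1 title=Thanks body=Great+tutorial,+very+helpful", "benign"),
    (b"GET /forum/thread?id=42 HTTP/1.1", "benign"),
]


def build_classifier(samples=TRAINING) -> PacketClassifier:
    clf = PacketClassifier()
    for payload, label in samples:
        clf.add(payload, label)
    return clf


def analyst_feedback(clf: PacketClassifier, payloads, label: str) -> None:
    """Feed reviewed packets back into the model (the 'improve existing models' step)."""
    for payload in payloads:
        clf.add(payload, label)


if __name__ == "__main__":
    clf = build_classifier()
    # True attack: signature and classifier agree -> alert.
    print(vote(b"GET /item?id=7 UNION SELECT password FROM users-- HTTP/1.1", clf))
    # Forum post discussing SQL: the signature fires, the classifier says benign -> review.
    print(vote(b"POST /forum/post HTTP/1.1 title=SQL+question body=Why+does+UNION+SELECT+need+matching+columns?", clf))
    # Comment-based signature evasion: only the classifier fires -> review.
    print(vote(b"GET /item?id=1 UNION/**/SELECT password FROM users-- HTTP/1.1", clf))
    # Plain product lookups resemble the attack samples more than the forum samples,
    # so the classifier flags them until reviewed ones are fed back as benign.
    lookups = [b"GET /item?id=3 HTTP/1.1", b"GET /item?id=8 HTTP/1.1", b"GET /item?id=11 HTTP/1.1"]
    print(vote(lookups[0], clf))
    analyst_feedback(clf, lookups, "benign")
    print(vote(b"GET /item?id=5 HTTP/1.1", clf))
```

The forum post that mentions UNION SELECT is the case the abstract's false-positive argument turns on: the signature alone would raise an alert, the vote instead queues it for review. The last two calls show the feedback loop: the same lookup that was queued before the analyst's labels were added is rated benign afterwards. A real deployment would need far more training traffic than six packets; the tiny set is only there so the arithmetic behind each vote can be followed by hand.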