Validation Methods of Suspicious Network Flows for Unknown Attack Detection
Source: NORTH ATLANTIC UNIVERSITY UNION
Detection methods based on abnormal traffic behavior suffer from a relatively high false-alarm rate and relatively low signature-generation accuracy; moreover, they are not well suited to detecting exploits and generating signatures for them. In this paper, the authors present ZASMIN (Zeroday-Attack Signature Management Infrastructure), a system developed for detecting novel network attacks. It provides an early warning at the moment an attack starts to spread across the network and blocks further spread by automatically generating a signature that can be used by a network security appliance such as an IPS. To detect unknown network attacks, the system combines several technologies: suspicious traffic monitoring, attack validation, polymorphic worm recognition, and signature generation.