CFP last date
20 January 2025
Call for Paper
February Edition
IJCA solicits high quality original research papers for the upcoming February edition of the journal. The last date of research paper submission is 20 January 2025

Submit your paper
Know more
The week's pick
Responsive image
Implementation of Feature Selection Using Correlation Matrix in Python

Ahmad Farhan AlShammari
Random Articles
Reseach Article

An Efficient Approach towards Assessment of Zero-day Attacks

by Muhammad Inzimam, Chen Yongle, Zhuangzhuang Zhang
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 177 - Number 26
Year of Publication: 2019
Authors: Muhammad Inzimam, Chen Yongle, Zhuangzhuang Zhang
10.5120/ijca2019919742

Muhammad Inzimam, Chen Yongle, Zhuangzhuang Zhang . An Efficient Approach towards Assessment of Zero-day Attacks. International Journal of Computer Applications. 177, 26 ( Dec 2019), 34-39. DOI=10.5120/ijca2019919742

@article{ 10.5120/ijca2019919742,
author = { Muhammad Inzimam, Chen Yongle, Zhuangzhuang Zhang },
title = { An Efficient Approach towards Assessment of Zero-day Attacks },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2019 },
volume = { 177 },
number = { 26 },
month = { Dec },
year = { 2019 },
issn = { 0975-8887 },
pages = { 34-39 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume177/number26/31064-2019919742/ },
doi = { 10.5120/ijca2019919742 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:47:00.924712+05:30
%A Muhammad Inzimam
%A Chen Yongle
%A Zhuangzhuang Zhang
%T An Efficient Approach towards Assessment of Zero-day Attacks
%J International Journal of Computer Applications
%@ 0975-8887
%V 177
%N 26
%P 34-39
%D 2019
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The biggest threat to the security of any organization is a zero-day attack, a large portion of the most significant organizations don't have a clue or notice the attack and thus, the contamination spread quicker before they can even respond. Zero-day attacks/threats are known as the most dangerous attack on the particular organization since they are startling. Though, the vast majority of the organizations previously set themselves up for known dangers and, zero-day attacks happen out of nowhere and are regularly occur by unknown intruders. Zero-day attacks cannot be detected from regular signature-based protections and thus represented a significant danger to corporate systems. It cannot be noticed until particular vulnerabilities are distinguished and detailed. It’s very challenging to protect against zero-day attack yet sometime defense can’t distinguish because of unknown signature and it performs action. Ensuring systems, applications, and frameworks from zero-day attacks are the overwhelming undertaking for an association's security. This method dissected the examination endeavors in connection to the recognition of zero-day attacks. The principal restrictions of existing methodologies are the signature-based of complicated operations and the false disturbing pace of unusual conduct. In order to fight this threat, the method proposed in this paper is to procedure framework for zero-day attack investigation and recognition. The framework detects the association's system and screens the conduct action of zero-day misuse at every single phase of their life cycle. The methodology in this paper gives a self-learning-based structure to detect arrange traffic that recognizes atypical conduct of the system to distinguish the nearness of zero-day exploitation. This structure utilizes administered arrangement plans for evaluation of known classes with the flexibility of self-characterization to recognize the new dimension of analysis.

References
  1. S. Shah and B. M. Mehtre, “An overview of vulnerability assessment and penetration testing techniques,” J. Comput. Virol. Hacking Tech., vol. 11, no. 1, pp. 27–49, 2015.
  2. A. Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits.”
  3. A. Shaout and C. Smyth, “Fuzzy zero day exploits detector system,” Int. J. Adv. Comput. Res., vol. 7, no. 31, pp. 154–163, 2017.
  4. D. Hammarberg, “Information Security Reading Room The Best Defenses Against Zero-day Exploits for Various-sized Organizations ______________________________,” 2019.
  5. “A. Lelli. The Trojan.Hydraq incident: Analysis of the Aurora 0-day exploit.”
  6. “R. McMillan. RSA spearphish attack may have hit US defense organizations. PC World, 8 September 2011.”
  7. “U. Rivner. Anatomy of an attack, 1 April 2011.”
  8. “Symantec Corporation. Symantec Internet security threat report, volume 17.”
  9. A. Aleroud and G. Karabatis, “Toward zero-day attack identification using linear data transformation techniques,” Proc. - 7th Int. Conf. Softw. Secur. Reliab. SERE 2013, pp. 159–168, 2013.
  10. L. Bilge and T. Dumitras, “Before we knew it: An empirical study of zero-day attacks in the real world,” Proc. ACM Conf. Comput. Commun. Secur., pp. 833–844, 2012.
  11. U. K. Singh, C. Joshi, and S. K. Singh, “Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities,” no. 1, pp. 13–18, 2017.
  12. C. Joshi and U. Kumar Singh, “ADMIT- A Five Dimensional Approach towards Standardization of Network and Computer Attack Taxonomies,” Int. J. Comput. Appl., vol. 100, no. 5, pp. 30–36, 2014.
  13. T. N. Brooks, “Survey of automated vulnerability detection and exploit generation techniques in cyber reasoning systems,” Adv. Intell. Syst. Comput., vol. 857, pp. 1083–1102, 2019.
  14. Z. Li, M. Sanghi, Y. Chen, M. Y. Kao, and B. Chavez, “Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience,” Proc. - IEEE Symp. Secur. Priv., vol. 2006, pp. 32–46, 2006.
  15. A. Lelli., “(2010, Jan.) The trojan. hydraq incident: Analysis of the aurora 0-day exploit, Available.”
  16. and E. C. N. Falliere, L. O. Murchu, “Chien.(2011, Feb.) W32.stuxnet dossier, Available:”
  17. A. Symantec. (2011, Nov.) W32.duqu the precursor to the next stuxnet, “No Title.”
  18. R. Goyal, S. Sharma, S. Bevinakoppa, and P. Watters, “Obfuscation of Stuxnet and Flame Malware,” Wseas.Us, pp. 150–154, 2013.
  19. D. Hammarberg, “―The Best Defenses against Zero-day Exploits for Various-sized Organizations‖, SANS Institute InfoSec Reading Room, September 21st 2014.”
  20. M. Albanese, S. Jajodia, and S. Noel, “―A time-efficient approach to cost-effective network hardening using attack graphs,‖ in Proceedings of DSN’12, 2012, pp. 1–12.”
  21. O. F. R. Y. Alosefer, “‘Predicting client-side attacks via behavior analysis using honeypot data’, Next Generation Web Services Practices (NWeSP), 2011 7th International Conference on Next Generation Web Services Practices, pp.31,36, 19-21 Oct. 2011.”
Index Terms

Computer Science
Information Sciences

Keywords

Security Vulnerabilities Zero-day attack

Powered by PhDFocusTM