Rule Generalisation in Intrusion Detection Systems using Snort

Computer Science – Neural and Evolutionary Computing

Scientific paper

Rate now

[ 0.00 ] – not rated yet Voters 0 Comments 0

Details Rule Generalisation in Intrusion Detection Systems using Snort Rule Generalisation in Intrusion Detection Systems using Snort

: 2008-03-20
: arxiv.org/abs/0803.2973v2
: International Journal of Electronic Security and Digital Forensics, 1 (1), pp 101-116, 2007
: Computer Science
: Neural and Evolutionary Computing

: Scientific paper
: 10.1504/IJESDF.2007.013596,
: Intrusion Detection Systems (ids)provide an important layer of security for computer systems and networks, and are becoming more and more necessary as reliance on Internet services increases and systems with sensitive data are more commonly open to Internet access. An ids responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of ids use a set of signatures that define what suspicious traffic is, and Snort is one popular and actively developing open-source ids that uses such a set of signatures known as Snort rules. Our aim is to identify a way in which Snort could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current Snort rules, using a similar approach to classic rule learning operators such as generalisation and specialisation. We demonstrate the effectiveness of our approach through experiments with standard datasets and show that we are able to detect previously undeleted variants of various attacks. We conclude by discussing the general effectiveness and appropriateness of generalisation in Snort based ids rule processing.

Affiliated with

Aickelin Uwe

Computer Science – Artificial Intelligence

Scientist

[ 0.00 ] – not rated yet Voters 0 Comments 0

Hesketh-Roberts Thomas

Computer Science – Neural and Evolutionary Computing

Scientist

[ 0.00 ] – not rated yet Voters 0 Comments 0

Twycross Jamie

Computer Science – Artificial Intelligence

Scientist

[ 0.00 ] – not rated yet Voters 0 Comments 0

Also associated with

No associations

LandOfFree

Say what you really think

Search LandOfFree.com for scientists and scientific papers. Rate them and share your experience with other people.

Rating

Rule Generalisation in Intrusion Detection Systems using Snort does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Rule Generalisation in Intrusion Detection Systems using Snort, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Rule Generalisation in Intrusion Detection Systems using Snort will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-577882

All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.

Canada

Charities
Companies
MP Candidates
Patents
Employee Salary Disclosure

World

Places of the World
Scientific Papers

United States

Banks
Companies
Counties
Patents
Employee Salary Disclosure