Building intrusion pattern miner for Snort network intrusion detection system

Cited by: 37
Authors
Wuu, Lih-Chyau [1]
Hung, Chi-Hsiang [1]
Chen, Sout-Fong [1]
Affiliations
[1] Natl Yunlin Univ Sci & Technol, Dept Elect Engn, Yunlin, Taiwan
Keywords
network-based intrusion detection; data mining; misuse detection; intrusion pattern; Snort NIDS;
DOI
10.1016/j.jss.2006.12.546
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
In this paper, we enhance the functionality of the Snort network-based intrusion detection system so that it can automatically generate patterns of misuse from attack data and detect sequential intrusion behaviors. To that end, we implement an intrusion pattern discovery module which applies a data mining technique to extract single intrusion patterns and sequential intrusion patterns from a collection of attack packets, and then converts the patterns to Snort detection rules for on-line intrusion detection. In order to detect sequential intrusion behavior, the Snort detection engine is accompanied by our intrusion behavior detection engine. The intrusion behavior detection engine will create an alert when a series of incoming packets matches the signatures representing sequential intrusion scenarios. (c) 2007 Elsevier Inc. All rights reserved.
Pages: 1699 / 1715
Number of pages: 17
Related papers
50 in total
  • [1] Building intrusion pattern miner for snort network intrusion detection system
    Wuu, LC
    Chen, SF
    [J]. 37TH ANNUAL 2003 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY, PROCEEDINGS, 2003, : 477 - 484
  • [2] On the fly pattern matching for intrusion detection with Snort
    Abbes, T
    Bouhoula, A
    Rusinowitch, M
    [J]. ANNALS OF TELECOMMUNICATIONS, 2004, 59 (9-10) : 1045 - 1071
  • [3] VoIP Intrusion Detection System with Snort
    Ciz, Pavol
    Labaj, Ondrej
    Podhradsky, Pavol
    Londak, Juraj
    [J]. PROCEEDINGS ELMAR-2012, 2012, : 137 - 140
  • [4] Investigation of the Intrusion Detection System "Snort" Performance
    Paulauskas, N.
    Skudutis, J.
    [J]. ELEKTRONIKA IR ELEKTROTECHNIKA, 2008, (07) : 15 - 18
  • [5] A Network Intrusion Detection System Architecture Based on Snort and Computational Intelligence
    Liu, Tao
    Zhang, Da
    [J]. PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON ELECTRONICS, NETWORK AND COMPUTER ENGINEERING (ICENCE 2016), 2016, 67 : 769 - 775
  • [6] REAL-TIME TRAFFIC DETECTION and ANALYSIS of NETWORK SECURITY INTRUSION ATTACK: SNORT INTRUSION PREVENTION SYSTEM
    Zhou, A.L.
    [J]. Telecommunications and Radio Engineering (English translation of Elektrosvyaz and Radiotekhnika), 2020, 79 (12) : 1055 - 1062
  • [7] Campus Network Security Program Based on Snort Network Security Intrusion Detection System
    Ling, Jia
    [J]. MATERIALS SCIENCE AND INFORMATION TECHNOLOGY, PTS 1-8, 2012, 433-440 : 3235 - 3240
  • [8] Framework of Intrusion Detection System via Snort Application on Campus Network Environment
    Ismail, Mohd Nazri
    Ismail, Mohd Taha
    [J]. INTERNATIONAL CONFERENCE ON FUTURE COMPUTER AND COMMUNICATIONS, PROCEEDINGS, 2009, : 455 - 459
  • [9] Bayesian Classifier and Snort based Network Intrusion Detection System in Cloud Computing
    Modi, Chirag N.
    Patel, Dhiren R.
    Patel, Avi
    Muttukrishnan, Rajarajan
    [J]. 2012 THIRD INTERNATIONAL CONFERENCE ON COMPUTING COMMUNICATION & NETWORKING TECHNOLOGIES (ICCCNT), 2012,
  • [10] Improving Intrusion Detection System Based on Snort Rules for Network Probe Attack Detection
    Khamphakdee, Nattawat
    Benjamas, Nunnapus
    Saiyod, Saiyan
    [J]. 2014 2ND INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY (ICOICT), 2014,