• DocumentCode
    2024626
  • Title

    Measuring Inconsistency in Network Intrusion Rules

  • Author

    McAreavey, Kevin ; Liu, Weiru ; Miller, Paul

  • Author_Institution
    Sch. of Electron., Electr. Eng. & Comput. Sci, Queen's Univ. Belfast, Belfast, UK
  • fYear
    2011
  • fDate
    Aug. 29 2011-Sept. 2 2011
  • Firstpage
    339
  • Lastpage
    344
  • Abstract
    In this preliminary case study, we investigate how inconsistency in a network intrusion detection rule set can be measured. To achieve this, we first examine the structure of these rules which incorporate regular expression (Regex) pattern matching. We then identify primitive elements in these rules in order to translate the rules into their (equivalent) logical forms and to establish connections between them. Additional rules from background knowledge are also introduced to make the correlations among rules more explicit. Finally, we measure the degree of inconsistency in formulae of such a rule set (using the Scoring function, Shapley inconsistency values and Blame measure for prioritized knowledge) and compare the informativeness of these measures. We conclude that such measures are useful for the network intrusion domain assuming that incorporating domain knowledge for correlation of rules is feasible.
  • Keywords
    game theory; pattern matching; security of data; Blame prioritized knowledge measure; Shapley inconsistency values; domain knowledge; inconsistency handling; inconsistency measurement; network intrusion detection rule set inconsistency; regular expression pattern matching; scoring function; Atomic measurements; Correlation; Databases; Intrusion detection; Knowledge based systems; Pattern matching; Network intrusion detection; inconsistency measures;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Database and Expert Systems Applications (DEXA), 2011 22nd International Workshop on
  • Conference_Location
    Toulouse
  • ISSN
    1529-4188
  • Print_ISBN
    978-1-4577-0982-1
  • Type

    conf

  • DOI
    10.1109/DEXA.2011.51
  • Filename
    6059840