Using Patch Management Tools to Enhance the Signature Customization for IDS Based on Vulnerability Scanner

Author

Badawy, Mohamed Alfateh ; El-Fishawy, Nawal A. ; Elshakankiry, Osama

fYear

2014

fDate

7-9 April 2014

Firstpage

529

Lastpage

533

Abstract

Signature customization is a technique to help the misuse network based IDS to select an appropriate signature for the protected hosts. Additionally, it eliminates unnecessary signature matching in order to enhance the detection capabilities for the NIDS. This paper assesses the effectiveness of depending only on vulnerability scanners to perform signature customization. In addition, it introduces the integration of vulnerability scanners with patch management tools to limit the number of false positive and false negative customizations. The results show that adding the patch management tools to the integration between the NIDS and vulnerability scanners can reduce the false signature customization. The proposed system will insure tuning accuracy for average of 30% of all shielded rules in the original signature customization system, accordingly improving the overall detection efficiency for the IDS.

Keywords

computer network security; digital signatures; NIDS; false negative customizations; false positive customizations; intrusion detection system; network based IDS; patch management tools; signature customization system; signature matching; vulnerability scanners; Accuracy; Computer architecture; Computers; Intrusion detection; NIST; Software; NIDS; Snort; Vulnerability assessment; WSUS; risk assessment;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology: New Generations (ITNG), 2014 11th International Conference on

Conference_Location

Las Vegas, NV

Print_ISBN

978-1-4799-3187-3

Type

conf

DOI

10.1109/ITNG.2014.78

Filename

6822251