Title :
A case-based approach to network intrusion detection
Author :
Schwartz, Daniel G. ; Stoecklin, Sara ; Yilmaz, Erbil
Author_Institution :
Dept. of Comput. Sci., Florida State Univ., Tallahassee, FL, USA
Abstract :
This paper reports progress on creating a case-based implementation of the well-known Snort intrusion detection system. Snort is a simple rule-based system that is known to suffer limitations, including both failure to detect certain kinds of intrusions and the frequent raising of false alarms. We believe that a case-based reasoning approach can provide a framework in which to incorporate more sophisticated artificial intelligence techniques that will help overcome some of these limitations. In addition, the present system is intended to apply more generally to other aspects of network security, as well as other domains related to protecting the nation's critical infrastructure. The system is being built using the modern software engineering technique known as "adaptive" or "reflective architectures," which will make it easily adaptable to other kinds of problem domain.
Keywords :
case-based reasoning; computer networks; security of data; software architecture; telecommunication security; Snort intrusion detection system; adaptive architectures; artificial intelligence techniques; case-based reasoning; critical infrastructure protection; false alarms; network intrusion detection; reflective architectures; rule-based system; software engineering; Computer science; Information security; Intrusion detection; Java; Knowledge based systems; Modems; Open source software; Payloads; Protection; XML;
Conference_Title :
Information Fusion, 2002. Proceedings of the Fifth International Conference on
Conference_Location :
Annapolis, MD, USA
Print_ISBN :
0-9721844-1-4
DOI :
10.1109/ICIF.2002.1020933