Title :
Building intrusion pattern miner for snort network intrusion detection system
Author :
Wuu, Lih-Chyau ; Chen, Sout-Fong
Author_Institution :
Dept. of Electron. Eng., Nat. Yunlin Univ. of Sci. & Technol., Taiwan
Abstract :
We propose a framework for the Snort network-based intrusion detection system so that it can not only catch new attack patterns automatically but also detect sequential attack behaviors. To do this, we first build an intrusion pattern discovery module that finds single intrusion patterns and sequential intrusion patterns in a collection of attack packets during an offline training phase. The module applies data mining techniques to extract descriptive attack signatures from large stores of packets and then converts the signatures into Snort detection rules for online detection. To detect sequential intrusion behavior, the Snort detection engine is accompanied by our intrusion behavior detection engine. When a series of incoming packets matches the signatures representing a sequential intrusion scenario, the intrusion behavior detection engine raises an alert.
Keywords :
authorisation; computer networks; data mining; message authentication; pattern recognition; Snort detection engine; Snort detection rules; Snort network intrusion detection system; data mining; descriptive attack signature extraction; intrusion behavior detection engine; intrusion pattern discovery module; intrusion pattern miner; Computer networks; Computer security; Computerized monitoring; Data mining; Data security; Electronic mail; Engines; Intrusion detection; Phase detection; Telecommunication traffic
Conference_Title :
IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, 2003. Proceedings.
Print_ISBN :
0-7803-7882-2
DOI :
10.1109/CCST.2003.1297607