• DocumentCode
    2968704
  • Title

    Building intrusion pattern miner for snort network intrusion detection system

  • Author

    Wuu, Lih-Chyau ; Chen, Sout-Fong

  • Author_Institution
    Dept. of Electron. Eng., Nat. Yunlin Univ. of Sci. & Technol., Taiwan
  • fYear
    2003
  • fDate
    14-16 Oct. 2003
  • Firstpage
    477
  • Lastpage
    484
  • Abstract
    We propose a framework for the Snort network-based intrusion detection system to give it the ability not only to catch new attack patterns automatically, but also to detect sequential attack behaviors. To do that, we first build an intrusion pattern discovery module to find single intrusion patterns and sequential intrusion patterns from a collection of attack packets in an offline training phase. The module applies a data mining technique to extract descriptive attack signatures from large stores of packets, and then it converts the signatures to Snort detection rules for online detection. In order to detect sequential intrusion behavior, the Snort detection engine is accompanied by our intrusion behavior detection engine. When a series of incoming packets matches the signatures representing sequential intrusion scenarios, the intrusion behavior detection engine makes an alert.
  • Keywords
    authorisation; computer networks; data mining; message authentication; pattern recognition; Snort detection engine; Snort detection rules; Snort network intrusion detection system; data mining; descriptive attack signature extraction; intrusion behavior detection engine; intrusion pattern discovery module; intrusion pattern miner; Computer networks; Computer security; Computerized monitoring; Data mining; Data security; Electronic mail; Engines; Intrusion detection; Phase detection; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on
  • Print_ISBN
    0-7803-7882-2
  • Type

    conf

  • DOI
    10.1109/CCST.2003.1297607
  • Filename
    1297607