Title :
Automated Technique for Debugging Network Intrusion Detection Systems
Author :
Nehinbe, Joshua Ojo
Author_Institution :
Univ. of Essex, Colchester, UK
Abstract :
Signature-based Intrusion Detection Systems have numerous redundant rules that do not match network attacks during intrusion detection. Instead, the toolkits have low efficacy when matching each packet against all the detection rules to avoid false positives. Unfortunately, there is no automatic functionality to debug these expert systems so that all noisy signatures and rule sets that trigger false alerts are isolated. Hence, heuristic methods are wrongly applied in realistic networks. Consequently, there are alarming cases of network attacks despite the inclusion of network detectors on the networks. Therefore, this paper presents an automated approach that enables system administrators to debug network detectors. We matched the alerts that a network detector generated against one another to identify equivalent, duplicate and unique rules. Furthermore, we merged equivalent rules to reduce them to unique rules; this method efficiently debugged expert systems when we benchmarked it with different kinds of realistic and synthetic datasets.
Keywords :
computer debugging; security of data; expert system debugging; intrusion detection systems; network attacks; network debugging; network detectors; realistic networks; system administrators; Computer networks; Debugging; Detectors; Event detection; Expert systems; Intelligent networks; Intelligent systems; Intrusion detection; Organizational aspects; Protection; intrusion aggregations; overlapping rules; signatures;
Conference_Title :
Intelligent Systems, Modelling and Simulation (ISMS), 2010 International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4244-5984-1
DOI :
10.1109/ISMS.2010.72