Title :
Set-Based Calculation of Topological Relations between Snort Rules
Author :
Yi Yin ; Yun Wang ; Takahashi, Naohisa
Author_Institution :
Sch. of Comput. Sci. & Technol., Nanjing Normal Univ., Nanjing, China
Abstract :
Snort is the most popular Intrusion Detection System (IDS). It generates alert messages when an arriving packet matches some of the pre-defined rules. Snort has the following problems: it attempts to match a packet against all of the rules, even when a match with some rules means the packet can never match certain other rules, and it produces contradictory and redundant alert messages when given a set of erroneous and poorly organized rules. This paper proposes a method for characterizing relations between Snort rules as a step toward solving these problems. The proposed method calculates topological relations between Snort rules based on set theory.
Keywords :
security of data; set theory; IDS; Snort rules; intrusion detection system; set theory; set-based calculation; topological relation characterization; Acceleration; Computer science; Educational institutions; Firewalls (computing); Intrusion detection; Payloads; Set theory; Snort Rul;
Conference_Title :
Computing and Networking (CANDAR), 2014 Second International Symposium on
DOI :
10.1109/CANDAR.2014.58