DocumentCode :
410105
Title :
Two-step rule estimation (TRE) - intrusion detection method against eluding NIDS
Author :
Byeong-Cheol Choi ; Dong-il Seo ; Sung-Won Sohn
Author_Institution :
ETRI
Volume :
1
fYear :
2004
fDate :
9-11 Feb. 2004
Firstpage :
504
Lastpage :
507
Abstract :
In this paper, we propose a TRE (Two-step Rule Estimation) method that can avoid eluding attacks of NIDS (Network-based Intrusion Detection System). Many existing NIDS have used a rule-based pattern-matching method, that is, an expert system. However, this method is very vulnerable to insertion and evasion attacks. The TRE method proposed in this paper consists of two processes: the first process involves a preprocessor that searches for the optimal rule similar to a captured packet, and the second process involves a main processor that achieves adaptive pattern matching. The TRE is designed to detect various kinds of eluding attacks and can decrease the miss-detection probability of the rule-based pattern matching that is usually used in NIDS.
Keywords :
Computer crime; Condition monitoring; Expert systems; Information security; Intrusion detection; Pattern analysis; Pattern matching; Performance analysis; Insertion and Evasion Attacks; Rule-based Pattern Matching; TRE; Vulnerability of NIDS;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Advanced Communication Technology, 2004. The 6th International Conference on
Conference_Location :
Phoenix Park, Korea
Print_ISBN :
89-5519-119-7
Type :
conf
DOI :
10.1109/ICACT.2004.1292920
Filename :
1292920