Byte Level NIDS Improvement
Journal Title: International Journal on Computer Science and Engineering - Year 2012, Vol 4, Issue 3
Abstract
Byte sequences are used in multiple network intrusion detection systems (NIDS) as signatures to detect malicious activity. Though this approach is highly competent, it produces a high false-positive rate. Here we suggest the concept of contextual signatures as an enhancement to string-based signature matching. Instead of matching isolated fixed strings, we enhance the matching process with added context. In designing a proficient signature engine for the NIDS, we provide a low-level perspective by using regular expressions for matching, and a high-level perspective by taking advantage of the semantic information made available by protocol analysis and a scripting language. In this way, we greatly increase the signatures' expressiveness and hence their ability to reduce false positives. Multiple examples are presented, such as matching requests with replies, using environmental knowledge, defining dependencies between signatures to model step-wise attacks, and recognizing exploit scans.
Authors and Affiliations
Dr. Sameer Shrivastava