ABSTRACT
Malicious network traffic is an increasingly serious problem. Intrusion detection systems (IDSs) are widely deployed to counter it: they help discover, determine and identify unauthorized use of information systems. However, attack techniques are becoming more complicated and take longer to detect. To ensure that an IDS works efficiently and accurately, novel algorithms must be applied that adapt to the rapid change in attack techniques. Many algorithms have been proposed for the matching process. Kruegel et al. build a decision tree that finds malicious input items using as few redundant comparisons as possible [1].
In this paper, we improve Kruegel's algorithm by changing the clustering strategy used to build the decision tree. Experiments show that the quality of the resulting decision tree is significantly improved.
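The decision-tree matching that the abstract attributes to Kruegel et al. can be illustrated with a small added example (my code, not the paper's and not Kruegel and Toth's implementation). Each signature rule constrains a few packet header fields; the tree tests the field that best partitions the remaining rules at each node, so a packet walks one path and only the handful of rules left in the leaf need their untested constraints checked. The rule set, the split heuristic (the field with the most distinct values wins) and the sample packets are constructed assumptions; the original work uses its own clustering criterion, which is exactly what the paper above sets out to improve.

```python
from collections import defaultdict

# Constructed rule set (hypothetical, not from the paper): a packet matches a
# rule when every listed field equals the rule's value.
RULES = {
    "r1": {"proto": "tcp", "dport": 80, "flags": "S"},
    "r2": {"proto": "tcp", "dport": 80, "flags": "A"},
    "r3": {"proto": "tcp", "dport": 443},
    "r4": {"proto": "udp", "dport": 53},
    "r5": {"proto": "udp", "dport": 161},
    "r6": {"proto": "icmp"},
    "r7": {"dport": 80},          # any protocol to port 80
}
FEATURES = ["proto", "dport", "flags"]


class Node:
    def __init__(self):
        self.feature = None       # field tested here; None marks a leaf
        self.children = {}        # field value -> child Node
        self.wildcard = None      # child for values matching no branch
        self.rules = []           # leaf only: candidate rules


def _split_score(rules, feature):
    """Distinct values the feature takes among rules that constrain it."""
    return len({RULES[r][feature] for r in rules if feature in RULES[r]})


def build_tree(rules, features):
    """Recursively cluster rules by the most discriminating field (assumed heuristic)."""
    node = Node()
    rules = list(rules)
    best = max(features, key=lambda f: _split_score(rules, f), default=None)
    if best is None or _split_score(rules, best) < 2:
        node.rules = rules        # nothing left worth splitting on
        return node
    node.feature = best
    remaining = [f for f in features if f != best]
    groups = defaultdict(list)
    dont_care = [r for r in rules if best not in RULES[r]]
    for r in rules:
        if best in RULES[r]:
            groups[RULES[r][best]].append(r)
    # rules that do not constrain this field must follow every branch
    for value, rs in groups.items():
        node.children[value] = build_tree(rs + dont_care, remaining)
    node.wildcard = build_tree(dont_care, remaining)
    return node


def match(tree, packet):
    """Return (sorted matching rule names, number of field comparisons made)."""
    comparisons, tested, node = 0, set(), tree
    while node.feature is not None:
        comparisons += 1
        tested.add(node.feature)
        node = node.children.get(packet.get(node.feature), node.wildcard)
    matched = []
    for r in node.rules:
        ok = True
        for fld, value in RULES[r].items():
            if fld in tested:     # already decided on the path: not redundant
                continue
            comparisons += 1
            if packet.get(fld) != value:
                ok = False
                break
        if ok:
            matched.append(r)
    return sorted(matched), comparisons


def match_linear(packet):
    """Baseline: test every rule in turn, the cost the tree is meant to avoid."""
    comparisons, matched = 0, []
    for r, constraints in RULES.items():
        ok = True
        for fld, value in constraints.items():
            comparisons += 1
            if packet.get(fld) != value:
                ok = False
                break
        if ok:
            matched.append(r)
    return sorted(matched), comparisons


TREE = build_tree(RULES, FEATURES)

if __name__ == "__main__":
    # constructed sample packets
    for pkt in ({"proto": "tcp", "dport": 80, "flags": "S"},
                {"proto": "icmp", "type": 8},
                {"proto": "tcp", "dport": 22}):
        print(pkt, "tree:", match(TREE, pkt), "linear:", match_linear(pkt))
```

Both matchers return the same rule set for every packet; the difference is the comparison count, which is what a decision tree built from a better clustering criterion is meant to drive down further.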
- C. Kruegel and T. Toth. Automatic Rule Clustering for Improved, Signature-Based Intrusion Detection. Technical Report, Distributed Systems Group, Technical University Vienna, Austria.
- S. Wu and U. Manber. A Fast Algorithm for Multi-Pattern Search. Technical Report TR94-17, Dept. of Computer Science, University of Arizona, 1994.
- A. V. Aho and M. J. Corasick. Efficient String Matching: An Aid to Bibliographic Search. Communications of the ACM, 18(6):330--340, 1975.
- Snort, http://www.snort.org, 2012.
- IDS, Wikipedia, http://en.wikipedia.org/wiki/IDS.
- Wenke Lee, Sal Stolfo, and Kui Mok. A Data Mining Framework for Building Intrusion Detection Models. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.
- T.-F. Sheu, N.-F. Huang, and H.-P. Lee. In-Depth Packet Inspection Using a Hierarchical Pattern Matching Algorithm. IEEE Transactions on Dependable and Secure Computing, 7(2), 2010.
- J. R. Quinlan. Induction of Decision Trees. Machine Learning, 1:81--106, 1986.
- J. R. Quinlan. Discovering Rules by Induction from Large Collections of Examples. In Expert Systems in the Micro-Electronic Age. Edinburgh University Press, 1979.
Index Terms
- Improved signature based intrusion detection using clustering rule for decision tree