Dynamical analysis of diversity in rule-based open source network intrusion detection systems
Authors
Abstract
Diverse layers of defence play an important role in the design of defence-in-depth architectures. The use of Intrusion Detection Systems (IDSs) is ubiquitous in this design. But the selection of the “right” IDSs in various configurations is a decision that security architects need to make. Additionally, the ability of these IDSs to adapt to the evolving threat landscape also needs to be investigated. To help with these decisions, we need rigorous quantitative analysis. In this paper, we present a diversity analysis of two open-source IDSs, Snort and Suricata, to help security architects tune/deploy IDSs. We analyse two types of diversity in these IDSs: configurational diversity and functional diversity. In the configurational diversity analysis, we investigate the sets of rules and Blacklisted IP Addresses (BIPAs) that the IDSs use in their configurations. The functional diversity analysis investigates the differences in alerting behaviours when the IDSs inspect real network traffic, and how these differences evolve. The experiment utilises snapshots of rules and BIPAs collected over a period of 5 months, from May to October 2017. These have been collected for three different off-the-shelf default configurations of the Snort IDS and the Emerging Threats (ET) configuration of the Suricata IDS. We also analyse the alerting behaviour of the IDSs on sample traffic in the same time window. Analysing these systems allows us to get insights into where the diversity comes from, how it evolves over time and whether it has any effect on the alerting behaviour of the IDSs. This gives insight into how security architects can combine IDSs in a layered deployment.
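The two kinds of diversity the abstract describes can be made concrete with set arithmetic over the IDS configurations and over their alerts on the same traffic. The following Python is an added example, not code from the paper; the rules, blacklists, flow identifiers and alert records in it are constructed for illustration and the rule syntax is only parsed for its `sid:` option. Configurational diversity is measured as the overlap (Jaccard similarity) of enabled rule SIDs and of BIPAs between two configurations, and the evolution of a configuration as additions and removals between consecutive snapshots; functional diversity is measured per flow as which of the two IDSs alerted, which also shows what a 1-out-of-2 layered deployment would detect.

```python
"""Configurational and functional diversity between two rule-based NIDS.

Added example, not the paper's code. All rules, blacklists and alerts
below are constructed (hypothetical) sample data.
"""
from __future__ import annotations

import re

# Matches the 'sid:NNN;' option that every Snort/Suricata rule carries.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def rule_sids(rule_text: str) -> set[str]:
    """SIDs of the enabled rules in a rules file.

    Lines starting with '#' are disabled rules and are skipped: a disabled
    rule contributes nothing to the IDS's alerting behaviour.
    """
    sids: set[str] = set()
    for line in rule_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = SID_RE.search(line)
        if match:
            sids.add(match.group(1))
    return sids


def bipa_set(blacklist_text: str) -> set[str]:
    """Parse a one-address-per-line blacklist; '#' starts a comment."""
    entries = (line.split("#", 1)[0].strip() for line in blacklist_text.splitlines())
    return {entry for entry in entries if entry}


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity; two empty sets count as identical."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def config_diversity(a: set, b: set) -> dict:
    """Configurational diversity between two configurations (SIDs or IPs)."""
    return {"common": len(a & b), "only_a": len(a - b),
            "only_b": len(b - a), "jaccard": jaccard(a, b)}


def churn(snapshots: list[set]) -> list[dict]:
    """Evolution of one configuration: changes between consecutive snapshots."""
    return [{"added": len(cur - prev), "removed": len(prev - cur), "size": len(cur)}
            for prev, cur in zip(snapshots, snapshots[1:])]


def functional_diversity(alerts_a: dict[str, list[str]],
                         alerts_b: dict[str, list[str]],
                         flows: list[str]) -> dict:
    """Per flow of the same traffic, which IDS alerted.

    'either' is what a 1-out-of-2 layered deployment would flag; 'agreement'
    is the fraction of flows on which both IDSs made the same decision.
    """
    counts = {"both": 0, "only_a": 0, "only_b": 0, "neither": 0}
    for flow in flows:
        hit_a, hit_b = bool(alerts_a.get(flow)), bool(alerts_b.get(flow))
        key = "both" if hit_a and hit_b else "only_a" if hit_a else "only_b" if hit_b else "neither"
        counts[key] += 1
    counts["either"] = counts["both"] + counts["only_a"] + counts["only_b"]
    counts["agreement"] = (counts["both"] + counts["neither"]) / len(flows) if flows else 1.0
    return counts


# --- Constructed sample data: hypothetical rules, addresses, flows and alerts ---
RULES_A_MAY = """
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force"; sid:1001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"HTTP traversal"; content:"../"; sid:1002; rev:2;)
# alert udp any any -> any 53 (msg:"DNS tunnel"; sid:1003; rev:1;)
alert ip any any -> $HOME_NET any (msg:"blacklisted source"; sid:1004; rev:1;)
"""
RULES_A_JUN = """
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force"; sid:1001; rev:1;)
# alert tcp any any -> $HOME_NET 80 (msg:"HTTP traversal"; content:"../"; sid:1002; rev:2;)
alert ip any any -> $HOME_NET any (msg:"blacklisted source"; sid:1004; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"SMB exploit attempt"; sid:1005; rev:1;)
"""
RULES_A_JUL = RULES_A_JUN + 'alert dns any any -> any any (msg:"DGA lookup"; sid:1006; rev:1;)\n'
RULES_B_MAY = """
alert tcp any any -> $HOME_NET 80 (msg:"HTTP traversal"; content:"../"; sid:1002; rev:2;)
alert ip any any -> $HOME_NET any (msg:"blacklisted source"; sid:1004; rev:1;)
alert tls any any -> any any (msg:"self-signed cert"; sid:2001; rev:1;)
"""
BIPA_A = "1.2.3.4\n5.6.7.8  # known C2\n# stale entry removed\n9.9.9.9\n"
BIPA_B = "5.6.7.8\n9.9.9.9\n10.0.0.1\n"
FLOWS = ["f1", "f2", "f3", "f4", "f5"]          # same traffic seen by both IDSs
ALERTS_A = {"f1": ["1001"], "f2": ["1004"], "f4": ["1005"]}
ALERTS_B = {"f1": ["2001"], "f3": ["1002"]}

if __name__ == "__main__":
    print("rules A vs B:", config_diversity(rule_sids(RULES_A_MAY), rule_sids(RULES_B_MAY)))
    print("BIPAs A vs B:", config_diversity(bipa_set(BIPA_A), bipa_set(BIPA_B)))
    print("rule churn A:", churn([rule_sids(r) for r in (RULES_A_MAY, RULES_A_JUN, RULES_A_JUL)]))
    print("alerts A vs B:", functional_diversity(ALERTS_A, ALERTS_B, FLOWS))
```

On the constructed data the two rule sets share half their SIDs, yet the alert comparison shows the IDSs agreeing on only two of five flows: a layered deployment flags four of them, one more than the better IDS alone. That gap between configurational and functional diversity is exactly why the paper measures both rather than inferring alerting behaviour from the rule sets.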
Similar sources
analysis of power in the network society
Thinkers and scholars of the social sciences believe that a new stage in the history of human societies has begun. The characteristics of this new society can be listed as phenomena including the global informational economy, the variable geometry of the network, the culture of real virtuality, the astonishing development of digital technologies, online services, and the compression of time and space. On the other hand, power, as the main subject of political science, holds an important place in human relations; power and its reproduction...
Entropy Based Fuzzy Rule Weighting for Hierarchical Intrusion Detection
Predicting different behaviors in computer networks is the subject of many data mining researches. Providing a balanced Intrusion Detection System (IDS) that directly addresses the trade-off between the ability to detect new attack types and providing low false detection rate is a fundamental challenge. Many of the proposed methods perform well in one of the two aspects, and concentrate on a su...
Bro: An Open Source Network Intrusion Detection System
Bro is a powerful, but largely unknown open source network intrusion detection system. Based on a sound design, Bro achieves its main goals – separating policy from mechanisms, efficient operation in high-volume networks, and withstanding attacks against itself – by using an event-driven approach. Bro contains several analyzers (e.g. protocol decoders for a variety of network protocols and a si...
Intrusion Detection in IOT based Networks Using Double Discriminant Analysis
Intrusion detection is one of the main challenges in wireless systems especially in Internet of things (IOT) based networks. There are various attack types such as probe, denial of service, remote to local and user to root. In addition to known attacks and malicious behaviors, there are various unknown attacks that some of them have similar behavior with respect to each other or mimic the norma...
Journal
Journal title: Empirical Software Engineering
Year: 2021
ISSN: 1382-3256, 1573-7616
DOI: https://doi.org/10.1007/s10664-021-10046-w