A Pattern Matching Based Filter for Audit Reduction and Fast Detection of Potential Intrusions
نویسندگان
چکیده
We present a pattern matching approach to the problem of misuse detection in a computer system, which is formalized as the problem of multiple approximate pattern matching. This permits very fast searching of potential attacks. We study the probability of matching of the model and its relation to the filtering efficiency of potential attacks within large audit trails. Experimental results show that in a worst case, up to 85 % of an audit trail may be filtered out when searching a set of attacks without probability of false negatives. Moreover, by filtering 98 % of the audit trail, up to 50 % of the attacks may be detected.
منابع مشابه
Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit
Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...
متن کاملEvaluation of an Intrusion Detection System for Routing Attacks in Wireless Self-organised Networks
Wireless Sensor Networks (WSNs) arebecoming increasingly popular, and very useful in militaryapplications and environmental monitoring. However,security is a major challenge for WSNs because they areusually setup in unprotected environments. Our goal in thisstudy is to simulate an Intrusion Detection System (IDS)that monitors the WSN and report intrusions accurately andeffectively. We have thus...
متن کاملIMPLEMENTATION OF EXTENDED KALMAN FILTER TO REDUCE NON CYCLO-STATIONARY NOISE IN AERIAL GAMMA RAY SURVEY
Gamma-ray detection has an important role in the enhancement the nuclear safety and provides a proper environment for applications of nuclear radiation. To reduce the risk of exposure, aerial gamma survey is commonly used as an advantage of the distance between the detection system and the radiation sources. One of the most important issues in aerial gamma survey is the detection noise. Various...
متن کاملImproved Single Keyword Pattern Matching Algorithm for Intrusion Detection System
With the spreading of the internet and online procedures requesting a secure channel, it has become an inevitable requirement to provide the network security. It is very clear that firewalls are not enough to secure a network completely because the attacks committed from outside of the network are stopped whereas inside attacks are not. This is the situation where intrusions detection systems (...
متن کاملA Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2000