Managing intrusion detection rule sets

The prevalent use of the signature-based approach in modern intrusion detection systems (IDS) emphasizes the importance of the efficient management of the employed signature sets. With the constant discovery of new threats and vulnerabilities, the complexity and size of signature sets reach the point where the manual management of rules becomes a challenging (if not impossible) task for the system administrators. While the automated support of signature management is desirable, the main difficulty that arises in this context is the diversity in syntactical representations of signatures generally allowed in IDS. In this paper, we focus on the automated approach to signature management. Specifically, we propose a model for signature analysis that brings out the semantic inconsistencies in the IDS rule sets. To address the syntactical diversity of the signatures, we use the strengths of a nondeterministic automaton (NFA) and model the individual rules as finite machines to analyze thei...
Natalia Stakhanova, Ali A. Ghorbani
Added 03 Jul 2010
Updated 03 Jul 2010
Type Conference
Year 2010
Authors Natalia Stakhanova, Ali A. Ghorbani