Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROSEC
2010
ACM
2010
ACM
Managing intrusion detection rule sets
The prevalent use of the signature-based approach in modern intrusion detection systems (IDS) emphasizes the importance of the efficient management of the employed signature sets. With the constant discovery of new threats and vulnerabilities, the complexity and size of signature sets reach the point where the manual management of rules becomes a challenging (if not impossible) task for the system administrators. While the automated support of signature management is desirable, the main difficulty that arises in this context is the diversity in syntactical representations of signatures generally allowed in IDS. In this paper, we focus on the automated approach to signature management. Specifically, we propose a model for signature analysis that brings out the semantic inconsistencies in the IDS rule sets. To address the syntactical diversity of the signatures, we use the strengths of a nondeterministic automaton (NFA) and model the individual rules as finite machines to analyze thei...
Real-time TrafficRelated Content
| Added | 03 Jul 2010 |
| Updated | 03 Jul 2010 |
| Type | Conference |
| Year | 2010 |
| Where | EUROSEC |
| Authors | Natalia Stakhanova, Ali A. Ghorbani |
Comments (0)
Researcher Info
|
