EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism

Authors: Weizhi Meng, Wenjuan Li, Lam-For Kwok

DOI: 10.1016/J.COSE.2014.02.006

Keywords: Intrusion detection system, Data mining, Filter (video), Network security, Matching (statistics), Signature (logic), False alarm, Blacklist, Network packet, Computer science

Abstract: Signature-based network intrusion detection systems (NIDSs) have been widely deployed in current security infrastructure. However, they suffer from several limitations, such as packet overload, expensive signature matching and massive false alarms in a large-scale environment. In this paper, we aim to develop an enhanced filter mechanism (named EFM) to comprehensively mitigate these issues. It consists of three major components: a context-aware blacklist-based packet filter, an exclusive signature matching component and a KNN-based false alarm filter. The experiments, which were conducted with two data sets and in a network environment, demonstrate that our proposed mechanism can overall enhance the performance of the signature-based NIDS Snort in the aspects of packet filtration, signature matching improvement and false alarm reduction without affecting security.
