Automatic Generation of Snort Content Rule for Network Traffic Analysis

Authors: Kyu-Seok Shim, Sung-Ho Yoon, Su-Kang Lee, Sung-Min Kim, Woo-Suk Jung

DOI: 10.7840/KICS.2015.40.4.666

Abstract: The importance of application traffic analysis for efficient network management has been emphasized continuously. Snort is a popular system which detects matched to pre-defined signatures and perform various actions based on the rules. However, it very difficult get highly accurate meet purpose because tedious time-consuming work search entire data manually or semi-automatically. In this paper, we propose novel method generate in fully automatic manner form sort rule from raw packet captured link end-host. We use sequence pattern algorithm common substring satisfying minimum support flow data. Also, extract location header information signature are components snort content rule. When analyzed proposed several data, generated could detect more than 97 percentage
