{"title":"Mining intrusion detection rules with longest increasing subsequences of q-grams","authors":"Inbok Lee, Sung-il Oh","doi":"10.1145/3129676.3129724","DOIUrl":null,"url":null,"abstract":"Intrusion detection has been a major issue in network security. Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires a considerable knowledge on various fields. Also attackers can modify previous attacks to escape intrusion detection rules. In this paper we deal with the problem of detecting \"modified\" attacks using original intrusion detection rules. We show a simple method of reporting substrings in the network stream which have approximate matches with at least one of the network intrusion detection rules, based on the notion of q-grams and the longest increasing subsequences. Experimental results showed that our approach can detect modified attacks, which are modeled as strings which can match the intrusion detection rules after edit operations.","PeriodicalId":326100,"journal":{"name":"Proceedings of the International Conference on Research in Adaptive and Convergent Systems","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the International Conference on Research in Adaptive and Convergent Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3129676.3129724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Intrusion detection has been a major issue in network security. Signature-based intrusion systems use intrusion detection rules for detecting intrusion. However, writing intrusion detection rules is difficult and requires a considerable knowledge on various fields. Also attackers can modify previous attacks to escape intrusion detection rules. In this paper we deal with the problem of detecting "modified" attacks using original intrusion detection rules. We show a simple method of reporting substrings in the network stream which have approximate matches with at least one of the network intrusion detection rules, based on the notion of q-grams and the longest increasing subsequences. Experimental results showed that our approach can detect modified attacks, which are modeled as strings which can match the intrusion detection rules after edit operations.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
