EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism

Computers and Security

Volumn 43, Issue , 2014, Pages 189-204

  Meng, Weizhi ^a   Li, Wenjuan ^a   Kwok, Lam For ^a  

^a CITY UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

Blacklist generation; Enhanced filter mechanism; Exclusive signature matching; False alarm reduction; Intrusion detection; Network security; Packet filter

Indexed keywords

ALARM SYSTEMS; COMPUTER CRIME; ERRORS; INTRUSION DETECTION;

BLACKLIST GENERATION; EXCLUSIVE SIGNATURE MATCHING; FALSE ALARM REDUCTIONS; LARGE-SCALE NETWORK; NETWORK ENVIRONMENTS; PACKET FILTERS; SECURITY INFRASTRUCTURE; SIGNATURE-BASED NETWORK INTRUSION DETECTION SYSTEMS;

NETWORK SECURITY;

EID: 84901240193     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2014.02.006     Document Type: Article

References (51)

1. A.V. Aho, and M.J. Corasick Efficient string matching: an aid to bibliographic search Commun ACM 18 6 1975 333 340
2. A. Alharbt, and H. Imai IDS false alarm reduction using continuous and discontinuous patterns Proceedings of the 3rd Int'l Conf. on Applied Cryptography and Network Security 2005 192 205 (Pubitemid 41422117)
3. S. Axelsson The base-rate fallacy and the difficulty of intrusion detection ACM Trans Information Syst Secur 3 3 2000 186 205
4. M. Bishop Computer security - Art and science 2003 Addison Wesley
5. R.S. Boyer, and J.S. Moore A fast string searching algorithm Commun ACM 20 10 1977 762 772
6. X. Chen, K. Ge, Z. Chen, and J. Li AC-suffix-tree: buffer free string matching on out-of-sequence packets Proceedings of the 7th ACM/IEEE Symposium on Architectures for Networking and Communications Systems 2011 36 44
7. C.Y. Chiu, Y.J. Lee, C.C. Chang, W.Y. Luo, and H.C. Huang Semi-supervised learning for false alarm reduction Proceedings of the 10th Industrial Conference on Data Mining 2010 595 605
8. Y.-H. Choi, M.-Y. Jung, and S.-W. Seo A fast pattern matching algorithm with multi-byte search unit for high-speed network security Comput Commun 34 14 2011 1750 1763
9. Colasoft Packet Builder, http://www.colasoft.com.
10. B. Commentz-Walter A string matching algorithm fast on the average Proceedings of the 6th International Colloquium on Automata, Languages, and Programming (ICALP) 1979 118 132
11. M.A. Davenport, R.G. Baraniuk, and C.D. Scott Controlling false alarms with support vector machines Proceedings of the 2006 Int'l Conf. on Acoustics, Speech and Signal 2006 589 592
12. DARPA intrusion detection evaluation data set: http://www.ll.mit.edu/ mission/communications/ist/corpora/ideval/data/1999data.html, 1999.
13. H. Dreger, A. Feldmann, V. Paxson, and R. Sommer Operational Experiences with high-volume network intrusion detection Proceedings of the 11th ACM Conf. on Computer and Communications Security 2004 2 11 (Pubitemid 40338184)
14. M. Fisk, and G. Varghese An analysis of fast string matching applied to content-based forwarding and intrusion detection Technical Report CS2001-0670 2002 University of California San Diego, USA
15. A.K. Ghosh, J. Wanken, and F. Charron Detecting anomalous and unknown intrusions against programs Proceedings of the 14th Annual Computer Security Applications Conf 1998 259 267
16. M. Handley, C. Kreibich, and V. Paxson Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics Proceedings of the 10th Usenix Security Symp 2001 115 131
17. S. Hofmeyr, S. Forrest, and A. Somayaji Intrusion detection using sequences of system calls J Comput Secur 6 3 1998 151 180
18. R. Horspool Practical fast searching in strings Softw Pract Exp 10 6 1980 501 506
19. K. Kim, and Y. Kim A fast multiple string pattern matching algorithm Proceedings of the 17th AoM/IAoM Conf. on Computer Science 1999 1 6
20. H. Kim, H.-S. Kim, and S. Kang A memory-efficient bit-split parallel string matching using pattern dividing for intrusion detection systems IEEE Transactions Parallel Distributed Syst 22 11 2011 1904 1911
21. L. Kuang, and M. Zulkernine An anomaly intrusion detection method using the CSI-KNN algorithm Proceedings of the 2008 ACM Symp. on Applied Computing 2008 921 926
22. K.H. Law, and L.F. Kwok IDS false alarm filtering using KNN classifier Proceedings of the 5th Int'l Conf. on Information Security Applications 2005 114 121 (Pubitemid 41190806)
23. H. Le, and V.K. Prasanna A memory-efficient and modular approach for large-scale string pattern matching IEEE Trans Comput 62 5 2013 844 857
24. W. Lee, and S.J. Stolfo A framework for constructing features and models for intrusion detection systems ACM Trans Information Syst Secur 3 4 2000 227 261
25. Y. Li, and L. Guo An active learning based TCM-KNN algorithm for supervised network intrusion detection Comput Secur 26 7-8 2007 459 467 (Pubitemid 350191973)
26. Y. Li, B. Fang, L. Guo, and Y. Chen TCM-KNN algorithm for supervised network intrusion detection Proceedings of the 2007 Pacific Asia Workshop on Intelligence and Security Informatics 2007 141 151
27. Y. Liao, and V. Rao Vemuri Use of k-nearest neighbor classifier for intrusion detection Comput Secur 21 5 2002 439 448 (Pubitemid 34835644)
28. H.S. Lin, H.K. Pao, C.H. Mao, H.M. Lee, T. Chen, and Y.J. Lee Adaptive alarm filtering by causal correlation consideration in intrusion detection Proceedings of the 2009 Int'l Symp. on Intelligent Decision Technologies 2009 437 447
29. C.W. Lu, C.L. Lu, and R.C.T. Lee A new filtration method and a hybrid strategy for approximate string matching Theor Comput Sci 481 2013 9 17
30. K.G. Markatos, S. Antonatos, E.P. Markatos, and M. Polychronakis E2xB: a domain-specific string matching algorithm for intrusion detection Proceedings of the IFIP Int'l Information Security Conf 2003 217 228
31. J. McHugh Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln laboratory ACM Trans Information Syst Secur 3 4 2000 262 294
32. Y. Meng, and L.-F. Kwok Adaptive context-aware packet filter scheme using statistic-based blacklist generation in network intrusion detection Proceedings of the 7th Int'l Conf. on Information Assurance and Security 2011 74 79
33. Y. Meng, and L.-F. Kwok Adaptive false alarm filter using machine learning in intrusion detection Proceedings of the 6th Int'l Conf. on Intelligent Systems and Knowl. Engineering 2011 573 584
34. Y. Meng, and L.-F. Kwok Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection J Netw Comput Appl 2013 10.1016/j.jnca.2013.05.009
35. Y. Meng, W. Li, and L.-F. Kwok Single Character frequency-based exclusive signature matching scheme Proceedings of the 11th IEEE/ACIS Int'l Conf. on Computer and Information Science 2012 67 80
36. D. Pao, and X. Wang Multi-stride string searching for high-speed content inspection Comput J 55 10 2012 1216 1231
37. V. Paxson Bro: a system for detecting network intruders in real-time Comput Networks 31 23-24 1999 2435 2463
38. T. Pietraszek Using adaptive alert classification to reduce false positives in intrusion detection Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection 2004 102 124 (Pubitemid 39741890)
39. R.L. Rivest On the worst-case behavior of string-searching algorithms SIAM J Comput 6 4 1977 669 674
40. M. Roesch Snort: lightweight intrusion detection for networks Proceedings of Usenix LISA Conference 1999 229 238
41. K. Scarfone, and P. Mell Guide to Intrusion Detection and Prevention Systems (IDPS) NIST Special Publication 800-94 Feb 2007
42. Snort, The Open Source Network Intrusion Detection System. http://www.snort.org/.
43. A. Somayaji, and S. Forrest Automated response using system-call delays Proceedings of the 9th Usenix Security Symp 2000 185 197
44. R. Sommer, and V. Paxson Outside the closed world: on using machine learning for network intrusion detection Proceedings of the 2010 IEEE Symp. on Security and Privacy 2010 305 316
45. I. Sourdis, V. Dimopoulos, D. Pnevmatikatos, and S. Vassiliadis Packet pre-filtering for network intrusion detection Proceedings of the 2006 ACM/IEEE Symp. on Architectures for Networking and Communications Systems 2006 183 192 (Pubitemid 47209686)
46. M.-Y. Su, K.-C. Chang, H.-F. Wei, and C.-Y. Lin Feature weighting and selection for a real-time network intrusion detection system based on GA with KNN Proceedings of the 2008 Intelligence and Security Informatics 2008 195 204
47. P. Uppuluri, and R. Sekar Experiences with specification-based intrusion detection Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID) 2001 172 189 (Pubitemid 33352007)
48. WEKA. Waikato Environment for Knowledge Analysis. http://www.cs.waikato. ac.nz/ml/weka/.
49. Wireshark, Network Protocol Analyzer. http://www.wireshark.org/.
50. S. Wu, and U. Manber A fast algorithm for multi-pattern seaching Technical Report TR-94-17 May 1994 Department of Computer Science. University of Arizona
51. M. Zhang, and B. Ny False alarm filter in neural networks for Multiclass object detection Proceedings of the 8th Int'l Conf. on Knowledge-Based Intelligent Information and Engineering Systems 2004 541 548 (Pubitemid 39751472)