Abstract

In network-based intrusion detection, signature discovery is an important issue, since the performance of an intrusion detection system depends heavily on the accuracy and abundance of its signatures. In most cases these signatures have to be found manually, which is time-consuming and error-prone work. Some papers introduce data mining into intrusion detection systems, but these schemes have drawbacks. We present a data-mining-based approach to supporting signature discovery in network-based intrusion detection systems that helps people find the signatures of an intrusion easily. The main idea is as follows. First, the Signature Discovery System (SDS) tries to find the most likely signatures, those that occur very frequently in the monitored communication. Second, SDS finds the relationships between these candidate signatures and constructs rules based on the relationships found. Finally, SDS gives two kinds of hints: one is the signatures whose frequency of occurrence is greater than a threshold; the other is a set of rules, each composed of a set of signatures, created by SDS in the second step. An experimental system called SigSniffer has been implemented to test the feasibility of the proposed approach.
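The three steps above can be sketched as follows. This is an added illustration, not SigSniffer's code or the paper's algorithm: the payloads are constructed, and the token-based candidates, the `min_support` and `min_conf` thresholds and the `discover` function are assumptions made here.

```python
import re
from collections import Counter
from itertools import permutations

# Constructed sample payloads (not from the paper), one per monitored request.
PAYLOADS = [
    b"GET /scripts/run?file=cmd.exe HTTP/1.0",
    b"GET /scripts/view?file=cmd.exe HTTP/1.0",
    b"GET /index.html HTTP/1.0",
    b"GET /scripts/list?file=cmd.exe HTTP/1.1",
    b"GET /images/logo.png HTTP/1.0",
    b"POST /login HTTP/1.1",
    b"GET /scripts/help.txt HTTP/1.0",
]
# Assumed candidate unit: runs of 4 or more word/dot bytes in the payload.
TOKEN = re.compile(rb"[A-Za-z0-9_.]{4,}")


def discover(payloads, min_support=0.4, min_conf=0.9):
    """Return (frequent, rules): the two kinds of hints described above."""
    per_payload = [set(TOKEN.findall(p)) for p in payloads]
    n = len(per_payload)
    counts = Counter(tok for toks in per_payload for tok in toks)
    # Hint 1: candidates whose share of payloads is greater than the threshold.
    frequent = {t: c / n for t, c in counts.items() if c / n > min_support}
    # Step 2: count co-occurrence between frequent candidates only.
    pair_counts = Counter()
    for toks in per_payload:
        kept = sorted(t for t in toks if t in frequent)
        pair_counts.update(permutations(kept, 2))
    # Hint 2: rule (a, b) reads "a payload containing a also contains b".
    rules = {(a, b): c / counts[a] for (a, b), c in pair_counts.items()
             if c / counts[a] >= min_conf}
    return frequent, rules


if __name__ == "__main__":
    frequent, rules = discover(PAYLOADS)
    for sig, sup in sorted(frequent.items(), key=lambda kv: -kv[1]):
        print(f"frequent {sig!r} support={sup:.2f}")
    for (a, b), conf in sorted(rules.items()):
        print(f"rule {a!r} -> {b!r} confidence={conf:.2f}")
```

On this sample `HTTP` occurs in every payload and so tops the frequency list, while the rules tie `cmd.exe` to `scripts` and `file`; the rule hints are what separate a co-occurring pattern from a merely common token.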
