In network-based intrusion detection, signature discovery is an important problem, since the performance of an intrusion detection system depends heavily on the accuracy and abundance of its signatures. In most cases these signatures have to be found manually, which is time-consuming and error-prone work. We present a data-mining approach to support signature discovery in a network-based intrusion detection system; it generates signatures for a misuse-detection intrusion detection system (IDS) based not only on associations among attributes of the transfer protocol but also on the content of the traffic. Until now, no paper has studied how to mine traffic content to generate signatures for an IDS. Our work allows people to find the signatures of an intrusion easily and provides a third-party IDS (for example, Snort) with candidate signatures. To discover signatures, we present an algorithm called Signature Apriori. An experimental system named SigSniffer has been implemented to test the feasibility of the proposed approach.
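The abstract describes mining associations among protocol attributes together with payload content, Apriori-style, to produce candidate signatures for a misuse-detection IDS. The following Python program is an added illustration of that idea, not the paper's Signature Apriori or SigSniffer code: it runs a classic level-wise Apriori over labelled flows whose items are protocol attributes plus payload tokens, keeps frequent itemsets from attack-labelled traffic that are rare in normal traffic, and renders the maximal ones as Snort-like rules. The sample flows, the "MARK1" token, the field names and the rule format are all constructed for the example.

```python
"""Apriori-style mining of candidate IDS signatures from protocol attributes
and payload content. Added illustration, not the paper's Signature Apriori
or SigSniffer code; field names, sample flows and rule format are constructed."""
from collections import Counter
from itertools import combinations

# Constructed sample flows: (label, protocol attributes, payload).
# A real run would take labelled captures; "MARK1" is a made-up token that
# the attack-labelled flows happen to share.
SAMPLE_FLOWS = [
    ("attack", {"proto": "tcp", "dport": 80},   "GET /app/page MARK1 HTTP/1.0"),
    ("attack", {"proto": "tcp", "dport": 80},   "GET /app/other MARK1 HTTP/1.0"),
    ("attack", {"proto": "tcp", "dport": 80},   "POST /app/upload MARK1 HTTP/1.0"),
    ("attack", {"proto": "tcp", "dport": 8080}, "GET /app/page MARK1 HTTP/1.1"),
    ("normal", {"proto": "tcp", "dport": 80},   "GET /index.html HTTP/1.1"),
    ("normal", {"proto": "tcp", "dport": 80},   "GET /style.css HTTP/1.1"),
    ("normal", {"proto": "udp", "dport": 53},   "query example.test"),
    ("normal", {"proto": "tcp", "dport": 443},  "clienthello"),
]


def to_items(attrs, payload):
    """One flow becomes a transaction: attribute items plus content tokens."""
    items = {("attr", k, str(v)) for k, v in attrs.items()}
    items |= {("content", tok) for tok in payload.split()}
    return frozenset(items)


def support(itemset, transactions):
    """Fraction of transactions that contain every item of the itemset."""
    if not transactions:
        return 0.0
    return sum(1 for tx in transactions if itemset <= tx) / len(transactions)


def apriori(transactions, min_support):
    """Classic level-wise Apriori: returns {frequent itemset: support}."""
    n = len(transactions)
    counts = Counter(item for tx in transactions for item in tx)
    frequent = {frozenset([i]): c / n for i, c in counts.items() if c / n >= min_support}
    level, k = list(frequent), 2
    while level:
        candidates = set()
        for a, b in combinations(level, 2):      # join step on (k-1)-itemsets
            u = a | b
            # prune: a k-candidate is kept only if every (k-1)-subset is frequent
            if len(u) == k and all(frozenset(s) in frequent for s in combinations(u, k - 1)):
                candidates.add(u)
        new = {c: support(c, transactions) for c in candidates}
        new = {c: s for c, s in new.items() if s >= min_support}
        frequent.update(new)
        level, k = list(new), k + 1
    return frequent


def mine_signatures(flows, min_support=0.75, max_normal_support=0.1):
    """Frequent itemsets in attack traffic that are rare in normal traffic,
    reduced to maximal sets. Returns [(itemset, attack_support, normal_support)]."""
    attack = [to_items(a, p) for lbl, a, p in flows if lbl == "attack"]
    normal = [to_items(a, p) for lbl, a, p in flows if lbl == "normal"]
    frequent = apriori(attack, min_support)
    kept = {s: sup for s, sup in frequent.items() if support(s, normal) <= max_normal_support}
    maximal = [s for s in kept if not any(s < other for other in kept)]
    maximal.sort(key=lambda s: (-len(s), sorted(s)))
    return [(s, kept[s], support(s, normal)) for s in maximal]


def to_rule(itemset, sid):
    """Render a candidate as a Snort-like rule (the format is illustrative)."""
    attrs = {i[1]: i[2] for i in itemset if i[0] == "attr"}
    contents = sorted(i[1] for i in itemset if i[0] == "content")
    opts = "".join(f' content:"{c}";' for c in contents)
    return (f'alert {attrs.get("proto", "ip")} any any -> any {attrs.get("dport", "any")} '
            f'(msg:"candidate {sid}";{opts} sid:{sid};)')


if __name__ == "__main__":
    for sid, (s, a_sup, n_sup) in enumerate(mine_signatures(SAMPLE_FLOWS), start=1):
        print(f"attack support {a_sup:.2f}, normal support {n_sup:.2f}")
        print("  " + to_rule(s, sid))
```

On the constructed flows the miner reports two maximal candidates, one tying the shared token to port 80 and the HTTP/1.0 version string, the other tying it to the GET method across ports. Reporting maximal itemsets gives the most specific candidates; an analyst reviewing them would usually prefer the shorter, still-discriminative subset (here the token alone, which has zero support in normal traffic) to reduce evasion by trivial variation, which is why the output is meant as candidate signatures for review rather than rules to deploy as-is.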
Published in: Proceedings of the 2002 International Conference on Machine Learning and Cybernetics (Volume 1)
Date of Conference: 2002