Building intrusion pattern miner for snort network intrusion detection system

2 Author(s)
Lih-Chyau Wuu ; Dept. of Electron. Eng., Nat. Yunlin Univ. of Sci. & Technol., Taiwan ; Sout-Fong Chen

We propose a framework for the Snort network-based intrusion detection system that enables it not only to catch new attack patterns automatically, but also to detect sequential attack behaviors. To do that, we first build an intrusion pattern discovery module that finds single intrusion patterns and sequential intrusion patterns from a collection of attack packets in an offline training phase. The module applies a data mining technique to extract descriptive attack signatures from large stores of packets, and then converts the signatures to Snort detection rules for online detection. To detect sequential intrusion behavior, the Snort detection engine is accompanied by our intrusion behavior detection engine. When a series of incoming packets matches the signatures representing sequential intrusion scenarios, the intrusion behavior detection engine raises an alert.

Published in:

Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on

Date of Conference:

14-16 Oct. 2003