Automated signature creator for a signature based intrusion detection system (Pancakes)

A Signature-Based Intrusion Detection System (IDS) helps maintain the integrity of data in a network controlled environment. Unfortunately, this type of IDS depends on predetermined intrusion patterns that are manually created by security professionals, thus manual signature creation is limited by t...

Full description

Saved in:
Bibliographic Details
Main Authors: De Ocampo, Frances Bernadette C., Del Castillo, Trisha Mari L.
Format: text
Language:English
Published: Animo Repository 2013
Subjects:
Online Access:https://animorepository.dlsu.edu.ph/etd_bachelors/5405
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: De La Salle University
Language: English
Description
Summary:A Signature-Based Intrusion Detection System (IDS) helps maintain the integrity of data in a network controlled environment. Unfortunately, this type of IDS depends on predetermined intrusion patterns that are manually created by security professionals, thus manual signature creation is limited by the time allotted by these specialists towards the creation of these signatures. Accordingly, new attacks that are yet to be examined are not detected by the IDS because the signature database is not updated, this now opens up a new door for attackers to penetrate the system. Pancakes is a system capable of pre identifying whether a certain network traffic is a threat or not. Upon determining network threats, the system automatically generates signatures in order to be used as a basis by the Signature-Base IDS for network threat detection. Machine Learning is the concept used for network threat identification. Based on the tests and results, Random Forest was identified as the most beneficial algorithm which helps in determining network attacks. The system is tested in a virtual manner in order for it to not counteract with an organizations' policies. The system is automated thus the data inputted in the system would be manipulated only by the system itself. Hence this system creates signatures that are probably correct while maintaining the goal of keeping the IDS updated with regards to the various network attacks it encounters.