Variable-length signatures for intrusion detection

Intrusion detection has become a basic infrastructure to guarantee the security of most internetworking applications. With more internetworking applications in the Internet nowadays, an enormous volume of audit trails is produced for the analysis within intrusion detection. For this reason, it is crit...

Bibliographic Details
Main Authors: Li, Zhuowei, Das, Amitabha, Zhou, Jianying, Patra, Jagdish Chandra
Other Authors: School of Computer Engineering
Format: Article
Language: English
Published: 2011
Online Access: https://hdl.handle.net/10356/94219
http://hdl.handle.net/10220/7265
Institution: Nanyang Technological University
id sg-ntu-dr.10356-94219
record_format dspace
citation Li, Z., Das, A., Zhou, J., & Patra, J. C. (2008). Variable-length signatures for intrusion detection. Computer Systems Science and Engineering, 23.
type Journal Article
issn 0267-6192
version Accepted Version
rights © 2008 CRL Publishing. This is the author created version of a work that has been peer reviewed and accepted for publication by International Journal of Computer Systems Science & Engineering, CRL Publishing. It incorporates referee’s comments but changes resulting from the publishing process, such as copyediting, structural formatting, may not be reflected in this document. The published version is available at: [Article URL: http://arnetminer.org/publication/variable-length-signatures-for-intrusion-detection-3465859.html].
extent 17 p.
mimetype application/pdf
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic DRNTU::Engineering::Computer science and engineering::Computer systems organization::Computer-communication networks
description Intrusion detection has become a basic infrastructure to guarantee the security of most internetworking applications. With more internetworking applications in the Internet nowadays, an enormous volume of audit trails is produced for the analysis within intrusion detection. For this reason, it is critical to reduce the detection computation of intrusion detection to meet the real-time detection requirement. In this paper, using a formal intrusion detection framework, we propose a new concept of variable-length signature, along with feature selection, to compress the behavior models of our intrusion detection system, USAID[7], that achieves promising detection performance. Intuitively, compact behavior models will make the detection process computationally much cheaper. Our experimental results show that the proposed technique will degrade the detection rate of unknown intrusions, and fortunately, that it achieves a high detection rate for known intrusions with a significantly reduced false alarm rate. As a result, compared to USAID, the size of the behavior model is decreased by 99.52%, and the detection computation is cut down by 81.15% at least.