基于云的网络攻击签名学习架构

2015 7th International Conference on New Technologies, Mobility and Security (NTMS) Pub Date : 2015-07-27 DOI:10.1109/NTMS.2015.7266461

O. Hamdi, M. Mbaye, F. Krief

{"title":"基于云的网络攻击签名学习架构","authors":"O. Hamdi, M. Mbaye, F. Krief","doi":"10.1109/NTMS.2015.7266461","DOIUrl":null,"url":null,"abstract":"Intrusion Detection System (IDS) is an essential component of the network security infrastructure. It detects malicious activities by monitoring network traffic. There are two main classes of IDS: the anomaly-based IDS and signature-based IDS. An important challenge, for signature-based IDS, is automating attack signature writing from traffic logs, which can be very hard to be established for human administrator. In this paper, we propose a solution addressing this challenge. We propose cloud-based signature learning service using Inductive Logic Programming (ILP). Learning service generates rule describing properties shared by packets labelled as malicious and that do not cover normal packets. The system uses a background knowledge composed of predicates used to describe network attack signature. The cloud architecture of our IDS enables it to have specialized nodes. Preliminary experimentations show that the proposed system is able to reproduce automatically SNORT signature.","PeriodicalId":115020,"journal":{"name":"2015 7th International Conference on New Technologies, Mobility and Security (NTMS)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-07-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A cloud-based architecture for network attack signature learning\",\"authors\":\"O. Hamdi, M. Mbaye, F. Krief\",\"doi\":\"10.1109/NTMS.2015.7266461\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intrusion Detection System (IDS) is an essential component of the network security infrastructure. It detects malicious activities by monitoring network traffic. There are two main classes of IDS: the anomaly-based IDS and signature-based IDS. An important challenge, for signature-based IDS, is automating attack signature writing from traffic logs, which can be very hard to be established for human administrator. In this paper, we propose a solution addressing this challenge. We propose cloud-based signature learning service using Inductive Logic Programming (ILP). Learning service generates rule describing properties shared by packets labelled as malicious and that do not cover normal packets. The system uses a background knowledge composed of predicates used to describe network attack signature. The cloud architecture of our IDS enables it to have specialized nodes. Preliminary experimentations show that the proposed system is able to reproduce automatically SNORT signature.\",\"PeriodicalId\":115020,\"journal\":{\"name\":\"2015 7th International Conference on New Technologies, Mobility and Security (NTMS)\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-07-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 7th International Conference on New Technologies, Mobility and Security (NTMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NTMS.2015.7266461\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 7th International Conference on New Technologies, Mobility and Security (NTMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NTMS.2015.7266461","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

入侵检测系统(IDS)是网络安全基础设施的重要组成部分。它通过监控网络流量来检测恶意活动。IDS主要有两类:基于异常的IDS和基于签名的IDS。对于基于签名的IDS来说，一个重要的挑战是从流量日志中自动编写攻击签名，这对于管理员来说很难建立。在本文中，我们提出了解决这一挑战的解决方案。我们提出使用归纳逻辑编程(ILP)的基于云的签名学习服务。学习服务生成规则，描述被标记为恶意的数据包共享的属性，这些属性不包括正常数据包。该系统使用由谓词组成的背景知识来描述网络攻击特征。我们的IDS的云架构使其具有专门的节点。初步实验表明，该系统能够自动生成SNORT签名。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A cloud-based architecture for network attack signature learning

Intrusion Detection System (IDS) is an essential component of the network security infrastructure. It detects malicious activities by monitoring network traffic. There are two main classes of IDS: the anomaly-based IDS and signature-based IDS. An important challenge, for signature-based IDS, is automating attack signature writing from traffic logs, which can be very hard to be established for human administrator. In this paper, we propose a solution addressing this challenge. We propose cloud-based signature learning service using Inductive Logic Programming (ILP). Learning service generates rule describing properties shared by packets labelled as malicious and that do not cover normal packets. The system uses a background knowledge composed of predicates used to describe network attack signature. The cloud architecture of our IDS enables it to have specialized nodes. Preliminary experimentations show that the proposed system is able to reproduce automatically SNORT signature.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 7th International Conference on New Technologies, Mobility and Security (NTMS)

自引率

0.00%

发文量