Performance enhancement of a Malware Detection System using score-based prioritization of Snort rules

Pritpal Singh, Sunny Behal, Krishan Kumar
DOI: 10.1109/ICGCIOT.2015.7380636 (https://doi.org/10.1109/ICGCIOT.2015.7380636)
Published in: 2015 International Conference on Green Computing and Internet of Things (ICGCIoT), 2015-10-08
Citation count: 3

Abstract

Snort is an open source Intrusion Detection System (IDS) that uses a rule-based approach to detect different kinds of malware, online attacks, vulnerabilities, etc. The performance of a Malware Detection System (MDS) deployed in a large network depends on the nature and type of rules stored in its database. As the number and type of attacks increase, more rules are appended to the MDS database. This growth in the size of the rule database itself becomes the bottleneck in the performance of the MDS. This paper proposes a rule-scoring mechanism for prioritizing Snort rules so as to optimize the number of rules in the MDS database. Only those rules whose total score is greater than the computed threshold value are retained in the database. The results show that the performance of the MDS is enhanced remarkably.