Mining intrusion detection rules with longest increasing subsequences of q-grams
Authors: Inbok Lee, Sung-il Oh
DOI: 10.1145/3129676.3129724 (https://doi.org/10.1145/3129676.3129724)
Venue: Proceedings of the International Conference on Research in Adaptive and Convergent Systems
Published: 2017-09-20
Citation count: 1 (Semantic Scholar)

Abstract
Intrusion detection has been a major issue in network security. Signature-based intrusion detection systems use intrusion detection rules for detecting intrusions. However, writing intrusion detection rules is difficult and requires considerable knowledge of various fields. Also, attackers can modify previous attacks to escape intrusion detection rules. In this paper we deal with the problem of detecting "modified" attacks using the original intrusion detection rules. We show a simple method of reporting substrings in the network stream which have approximate matches with at least one of the network intrusion detection rules, based on the notion of q-grams and the longest increasing subsequences. Experimental results showed that our approach can detect modified attacks, which are modeled as strings which can match the intrusion detection rules after edit operations.
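As an added illustration (not the paper's code, and not necessarily its exact algorithm), here is one way the two notions in the abstract combine: take the q-grams of a rule string, record where each q-gram occurs in a sliding window of the stream, and use the length of the longest increasing subsequence of those positions as an order-preserving similarity score, so a rule still scores highly after a few insertions, deletions or substitutions. The window slack, the 0.75 threshold and the sample rule and stream are assumptions made for the example.

```python
from bisect import bisect_left

def qgrams(s, q):
    # All overlapping substrings of length q, in order of position.
    return [s[i:i + q] for i in range(len(s) - q + 1)]

def lis_length(seq):
    # Longest strictly increasing subsequence via patience sorting, O(n log n).
    tails = []
    for x in seq:
        i = bisect_left(tails, x)
        if i == len(tails):
            tails.append(x)
        else:
            tails[i] = x
    return len(tails)

def qgram_lis_score(rule, window, q=2):
    # How many rule q-grams reappear in the window in the same relative order.
    where = {}
    for pos, g in enumerate(qgrams(window, q)):
        where.setdefault(g, []).append(pos)
    seq = []
    for g in qgrams(rule, q):
        # Repeats listed in decreasing order: a strictly increasing LIS uses at most one per rule q-gram.
        seq.extend(sorted(where.get(g, []), reverse=True))
    return lis_length(seq)

def best_match(stream, rule, q=2, slack=2):
    # Slide a window of len(rule)+slack (slack = room for inserted bytes); return (score, start).
    n = len(qgrams(rule, q))
    w = len(rule) + slack
    best_score, best_start = 0.0, -1
    for start in range(max(1, len(stream) - w + 1)):
        score = qgram_lis_score(rule, stream[start:start + w], q) / n
        if score > best_score:
            best_score, best_start = score, start
    return best_score, best_start

def scan(stream, rules, q=2, threshold=0.75):
    # Report each rule whose best approximate match reaches the threshold.
    hits = []
    for rule in rules:
        score, start = best_match(stream, rule, q)
        if score >= threshold:
            hits.append((rule, start, round(score, 2)))
    return hits

# Constructed sample: one rule string and a stream carrying it with one inserted byte.
RULES = ["config.cgi"]
STREAM = "GET /admin/confi-g.cgi HTTP/1.0"
```

Calling `scan(STREAM, RULES)` reports the rule at offset 10 with score 0.89 (8 of 9 bigrams survive in order), while an exact-substring check would miss the inserted byte; a stream without the rule's bigrams scores 0 and is not reported.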