Improving Intrusion Detection System based on Snort rules for network probe attack detection

Khamphakdee, Nattawat; Benjamas, Nunnapus; Saiyod, Saiyan

doi:10.1109/icoict.2014.6914042

Cited by 59 publications

(23 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, they consist of DOS, U2R, R2L, and network probe attacks. In previous studies, classifications of probe attacks included portsweep, ipsweep, Satan, Is_domain, ntinfoscan, and queso [5]. This paper, however, focuses only on the ipsweep type of network probe attacks.…”

Section: Classified Network Probe Attacks the Ipsweep Typementioning

confidence: 99%

“…The Snort IDS rules for intrusion detection of network probe attacks were improved through the utilization of the MIT-DARPA 1999 dataset in weeks four and five [5]. The authors analyzed the network traffic data of the attack by applying the Wire Shark software to the dataset.…”

Section: Related Workmentioning

confidence: 99%

“…The Snort IDS rules performances were evaluated by utilizing the accuracy comparisons procedure, previously described in [5]. Suitable parameters, as seen in Table 1, outline the Snort IDS rules as shown in Figure 7.…”

Section: Snort Ids Rules Evaluationmentioning

confidence: 99%

See 2 more Smart Citations

Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

2015

Self Cite

View full text Add to dashboard Cite

Abstract. The intrusion detection system (IDS) is an important network security tool for securing computer and network systems. It is able to detect and monitor network traffic data. Snort IDS is an open-source network security tool. It can search and match rules with network traffic data in order to detect attacks, and generate an alert. However, the Snort IDS can detect only known attacks. Therefore, we have proposed a procedure for improving Snort IDS rules, based on the association rules data mining technique for detection of network probe attacks. We employed the MIT-DARPA 1999 data set for the experimental evaluation. Since behavior pattern traffic data are both normal and abnormal, the abnormal behavior data is detected by way of the Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining detection of network probe attacks, proved more efficient than the original Snort IDS rules, as well as icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are defined as follows: Min_sup set to 10%, and Min_conf set to 100%, and through the application of eight variable attributes. As more suitable parameters are applied, higher accuracy is achieved.

show abstract

Section: Classified Network Probe Attacks the Ipsweep Typementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…Khamphakdee et al extend the Snort rules for network probe attacks [8]. Besides predefined rules, IDS researches focus on the statistics on packets to detect abnormality in networks.…”

Section: Ids and Software Updatesmentioning

confidence: 99%

Secure dissemination of software updates for intelligent mobility in future wireless networks

Lee

Kwon

2016

J Wireless Com Network

View full text Add to dashboard Cite

Wireless mobile networks frequently need remote software updates to add or adjust the tasks of mobile nodes. Software update traffic, particularly in the Internet of Things (IoT), should be carefully handled since attackers can easily compromise a number of unattended devices by modifying a piece of code in the software update routine. These attacks are quite realistic and harmful as seen in the real world. To protect lower-powered mobile devices, an in-network detection mechanism is preferred. However, due to the mobility of devices, it is difficult to set a network monitor with complete context of software updates. Moreover, even the conventional integrity checks can be fooled by a replaced binary code or minimized modification. In this paper, we tackle this problem and propose CodeDog, a new approach to check the integrity of software updates in mobile environments. CodeDog generates a binary code with semantics markers. A validation of those markers proves the control flow semantics was unchanged. It can be performed on program fragments for in-network monitoring to protect incapable devices. Our evaluation result shows that CodeDog can prevent attacks in the supply chain with 4.2 % storage overhead.

show abstract

“…In turn, the alerts are activated and sent to a receiver such as system log, database, management team or even a trap. Many studies have used Snort NIDPS to detect attacks such as DoS and DDoS by developing and designing new rules [13,14,15,16].…”

Section: Snort Network Intrusion Detection and Prevention System (Snomentioning

confidence: 99%

Using Cisco Network Components to Improve NIDPS Performance

Bul´ajoul¹,

James²,

Shaikh³

et al. 2016

Computer Science &Amp; Information Technology ( CS &Amp; IT )

View full text Add to dashboard Cite

show abstract

Improving Intrusion Detection System based on Snort rules for network probe attack detection

Cited by 59 publications

References 4 publications

Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

Secure dissemination of software updates for intelligent mobility in future wireless networks

Using Cisco Network Components to Improve NIDPS Performance

Contact Info

Product

Resources

About