Sciweavers

ACSAC
2003
IEEE

Attack Signature Matching and Discovery in Systems Employing Heterogeneous IDS

14 years 5 months ago
Attack Signature Matching and Discovery in Systems Employing Heterogeneous IDS
Over the past decade, Intrusion Detection Systems (IDS) have improved steadily in the efficiency and effectiveness with which they detect intrusive activity. This is particularly true with signature-based IDS due to progress with intrusion analysis and intrusion signature specification. At the same time system complexity, overall numbers of bugs and security vulnerabilities have been on the increase. This has led to the recognition that in order to operate over the entire attack space, multiple heterogeneous IDS must be used, which need to interoperate with one another, and possibly also with other components of system security. This paper describes our research into developing algorithms for attack signature matching for detecting multi-stage attacks manifested by alerts from heterogeneous IDS. It describes also the testing and preliminary results of that research, and the administrator interface used to analyze the alerts produced by the tests and the results of signature matching.
Nathan Carey, George M. Mohay, Andrew Clark
Added 04 Jul 2010
Updated 04 Jul 2010
Type Conference
Year 2003
Where ACSAC
Authors Nathan Carey, George M. Mohay, Andrew Clark
Comments (0)