Remember Me
Or use your Academic/Social account:


Or use your Academic/Social account:


You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.


Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message


Verify Password:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Aickelin, Uwe; Twycross, Jamie; Hesketh-Roberts, Thomas (2008)
Publisher: Inderscience
Languages: English
Types: Article
Subjects: Computer Science - Neural and Evolutionary Computing, Computer Science - Cryptography and Security

Classified by OpenAIRE into

Intrusion Detection Systems (IDSs) provide an important\ud layer of security for computer systems and networks, and are becoming more and more necessary as reliance on Internet services increases and systems with sensitive data are more commonly open to Internet access. An IDS’s responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of IDSs use a set of signatures that define what suspicious traffic is, and Snort is one popular and actively developing open-source IDS that uses such a set of signatures known as Snort rules. Our aim is to identify a way in which Snort could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current Snort rules, using a similar approach to classic rule learning operators such as generalisation and specialisation. We demonstrate the effectiveness of our approach through experiments with standard datasets and\ud show that we are able to detect previously undetected variants of various attacks. We conclude by discussing the general effectiveness and appropriateness of generalisation in Snort based IDS rule processing.\ud \ud Keywords: anomaly detection, intrusion detection, Snort, Snort rules
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • S Axelsson (2000) 'Intrusion Detection Systems: A Survey and Taxonomy', Chalmers University Tech Report, 99-15.
    • M Burgess (2006) 'Probabilistic anomaly detection in distributed computer networks', Science of Computer Programming, vol 60, pp 1-26.
    • T Crothers (2003) 'Implementing Intrusion Detection Systems', Wiley.
    • F Esponda, S Forrest and P Helman (2004) 'A formal framework for positive and negative detection schemes', IEEE Transactions on Systems, Man, and Cybernetics-Part B: Cybernetics, 34(1), pp 357-373.
    • V Fuller and T Li and J Yu and K Varadhan (1993) 'Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy', RFC 1519.
    • Free Software Foundation Inc (2006) 'GNU', http://www.gnu.org/licenses/licenses.html
    • F Gomez and F Gonzalez and D Dasgupta (2003) 'An immuno-fuzzy approach to anomaly detection', Proc. of the IEEE International Conference on Fuzzy Systems.
    • J Hoagland and S Staniford (2003) 'Viewing IDS alerts: Lessons from http://www.silicondefense.com/research/whitepapers/index.php
    • Sourcefire Inc, M Roesch and C Green (2006) 'SNORT Users Manual - SNORT Release: 2.6.0', http://www.snort.org
    • S Staniford, J Hoagland and J McAlerney (2002) 'Practical Automated Detection of Stealthy Portscans, Journal of Computer Security, vol 10, no 1.
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article