Affiliation:
1. College of Computer Science and Technology, Guizhou University, Guiyang, Guizhou, China
2. School of Information Technology and Communication, University of The Gambia (UTG), Banjul, Peace Building, Kanifing, The Gambia
Abstract
Rapid technological development, together with the Internet and its cutting-edge applications, has positively impacted human society in many aspects. Nevertheless, it equally brings escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming current network security frameworks. Consequently, both industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature-based and anomaly-based. Signature-based IDSs, specifically Snort, work on the concept of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massive volume of alerts generated by heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposes a novel Snort Automatic Rule Generator (SARG) that exploits network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposes a novel Security Event Correlator (SEC) that accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation, thereby alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC demonstrates impressive performance and could significantly mitigate the existing challenges of dealing with the vast number of generated alerts and the labor-intensive creation of Snort rules.