IDS performance enhancement technique based on dynamic traffic awareness histograms

Zouheir Trabelsi, Safaa Zeidan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) by optimizing the order of the attack signature rules as well as the order of the rule-fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packet patterns. The paper discusses the evaluation of the proposed approach against other conventional approaches, using the Snort tool as an example of an IDS. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.

Original language: English
Title of host publication: 2014 IEEE International Conference on Communications, ICC 2014
Publisher: IEEE Computer Society
Pages: 975-980
Number of pages: 6
ISBN (Print): 9781479920037
Publication status: Published - 2014
Event: 2014 1st IEEE International Conference on Communications, ICC 2014 - Sydney, NSW, Australia
Duration: Jun 10 2014 → Jun 14 2014

Publication series

Name: 2014 IEEE International Conference on Communications, ICC 2014

Other

Other: 2014 1st IEEE International Conference on Communications, ICC 2014
Country/Territory: Australia
City: Sydney, NSW
Period: 6/10/14 → 6/14/14

Keywords

  • Attack packet flow matching histogram
  • Attack signature rules
  • Intrusion detection systems
  • Packet early acceptance
  • Packet early rejection
  • Rule-fields ordering
  • Signature rule ordering

ASJC Scopus subject areas

  • Computer Networks and Communications
