IDS performance enhancement technique based on dynamic traffic awareness histograms

Zouheir Trabelsi; Safaa Zeidan

doi:10.1109/ICC.2014.6883446

IDS performance enhancement technique based on dynamic traffic awareness histograms

Zouheir Trabelsi, Safaa Zeidan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) through optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real-time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packets patterns. The paper discusses the evaluation of the proposed approach with other conventional approaches using Snort tool as an example of IDS system. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.

Original language	English
Title of host publication	2014 IEEE International Conference on Communications, ICC 2014
Publisher	IEEE Computer Society
Pages	975-980
Number of pages	6
ISBN (Print)	9781479920037
DOIs	https://doi.org/10.1109/ICC.2014.6883446
Publication status	Published - Jan 1 2014
Event	2014 1st IEEE International Conference on Communications, ICC 2014 - Sydney, NSW, Australia Duration: Jun 10 2014 → Jun 14 2014

Publication series

Name	2014 IEEE International Conference on Communications, ICC 2014

Other

Other	2014 1st IEEE International Conference on Communications, ICC 2014
Country/Territory	Australia
City	Sydney, NSW
Period	6/10/14 → 6/14/14

Keywords

Attack packet flow matching histogram
Attack signature rules
Intrusion detection systems
Packet early acceptance
Packet early rejection
Rule-fields ordering
Signature rule ordering

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1109/ICC.2014.6883446

Cite this

IDS performance enhancement technique based on dynamic traffic awareness histograms. / Trabelsi, Zouheir; Zeidan, Safaa.
2014 IEEE International Conference on Communications, ICC 2014. IEEE Computer Society, 2014. p. 975-980 6883446 (2014 IEEE International Conference on Communications, ICC 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Trabelsi, Z & Zeidan, S 2014, IDS performance enhancement technique based on dynamic traffic awareness histograms. in 2014 IEEE International Conference on Communications, ICC 2014., 6883446, 2014 IEEE International Conference on Communications, ICC 2014, IEEE Computer Society, pp. 975-980, 2014 1st IEEE International Conference on Communications, ICC 2014, Sydney, NSW, Australia, 6/10/14. https://doi.org/10.1109/ICC.2014.6883446

@inproceedings{ff97054b60574afea86445233f3abac5,

title = "IDS performance enhancement technique based on dynamic traffic awareness histograms",

abstract = "This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) through optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real-time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packets patterns. The paper discusses the evaluation of the proposed approach with other conventional approaches using Snort tool as an example of IDS system. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.",

keywords = "Attack packet flow matching histogram, Attack signature rules, Intrusion detection systems, Packet early acceptance, Packet early rejection, Rule-fields ordering, Signature rule ordering",

author = "Zouheir Trabelsi and Safaa Zeidan",

year = "2014",

month = jan,

day = "1",

doi = "10.1109/ICC.2014.6883446",

language = "English",

isbn = "9781479920037",

series = "2014 IEEE International Conference on Communications, ICC 2014",

publisher = "IEEE Computer Society",

pages = "975--980",

booktitle = "2014 IEEE International Conference on Communications, ICC 2014",

note = "2014 1st IEEE International Conference on Communications, ICC 2014 ; Conference date: 10-06-2014 Through 14-06-2014",

}

TY - GEN

T1 - IDS performance enhancement technique based on dynamic traffic awareness histograms

AU - Trabelsi, Zouheir

AU - Zeidan, Safaa

PY - 2014/1/1

Y1 - 2014/1/1

N2 - This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) through optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real-time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packets patterns. The paper discusses the evaluation of the proposed approach with other conventional approaches using Snort tool as an example of IDS system. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.

AB - This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) through optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real-time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packets patterns. The paper discusses the evaluation of the proposed approach with other conventional approaches using Snort tool as an example of IDS system. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.

KW - Attack packet flow matching histogram

KW - Attack signature rules

KW - Intrusion detection systems

KW - Packet early acceptance

KW - Packet early rejection

KW - Rule-fields ordering

KW - Signature rule ordering

UR - http://www.scopus.com/inward/record.url?scp=84906991664&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84906991664&partnerID=8YFLogxK

U2 - 10.1109/ICC.2014.6883446

DO - 10.1109/ICC.2014.6883446

M3 - Conference contribution

AN - SCOPUS:84906991664

SN - 9781479920037

T3 - 2014 IEEE International Conference on Communications, ICC 2014

SP - 975

EP - 980

BT - 2014 IEEE International Conference on Communications, ICC 2014

PB - IEEE Computer Society

T2 - 2014 1st IEEE International Conference on Communications, ICC 2014

Y2 - 10 June 2014 through 14 June 2014

ER -

IDS performance enhancement technique based on dynamic traffic awareness histograms

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this