IDS performance enhancement technique based on dynamic traffic awareness histograms

Zouheir Trabelsi, Safaa Zeidan

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    5 Citations (Scopus)

    Abstract

    This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) by optimizing the order of the attack signature rules as well as the order of the rule-fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule-fields. The histograms are used to effectively monitor the IDS performance in real time and to predict the optimal orders of the signature rules and the rule-fields, based on the attack packet patterns. The paper discusses the evaluation of the proposed approach against other conventional approaches, using the Snort tool as an example of an IDS. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.

    Original language: English
    Title of host publication: 2014 IEEE International Conference on Communications, ICC 2014
    Publisher: IEEE Computer Society
    Pages: 975-980
    Number of pages: 6
    ISBN (Print): 9781479920037
    Publication status: Published - Jan 1 2014
    Event: 2014 1st IEEE International Conference on Communications, ICC 2014 - Sydney, NSW, Australia
    Duration: Jun 10 2014 to Jun 14 2014

    Publication series

    Name: 2014 IEEE International Conference on Communications, ICC 2014

    Other

    Other: 2014 1st IEEE International Conference on Communications, ICC 2014
    Country/Territory: Australia
    City: Sydney, NSW
    Period: 6/10/14 to 6/14/14

    Keywords

    • Attack packet flow matching histogram
    • Attack signature rules
    • Intrusion detection systems
    • Packet early acceptance
    • Packet early rejection
    • Rule-fields ordering
    • Signature rule ordering

    ASJC Scopus subject areas

    • Computer Networks and Communications
