TY - GEN
T1 - IDS performance enhancement technique based on dynamic traffic awareness histograms
AU - Trabelsi, Zouheir
AU - Zeidan, Safaa
PY - 2014
Y1 - 2014
N2 - This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) by optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule fields. The histograms are used to monitor the IDS performance effectively in real time and to predict the optimal orders of the signature rules and the rule fields, based on the attack packet patterns. The paper discusses the evaluation of the proposed approach against other conventional approaches using the Snort tool as an example of an IDS. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.
AB - This paper discusses an approach to improve the performance of Intrusion Detection Systems (IDSs) by optimizing the order of the attack signature rules as well as the order of the rule fields. The proposed approach is based on calculating the histograms of the attack packets that match the signature rules and of those that do not match the rule fields. The histograms are used to monitor the IDS performance effectively in real time and to predict the optimal orders of the signature rules and the rule fields, based on the attack packet patterns. The paper discusses the evaluation of the proposed approach against other conventional approaches using the Snort tool as an example of an IDS. The numerical results obtained by simulations demonstrate that the proposed approach is able to significantly improve Snort performance in terms of cumulative packet processing time.
KW - Attack packet flow matching histogram
KW - Attack signature rules
KW - Intrusion detection systems
KW - Packet early acceptance
KW - Packet early rejection
KW - Rule-fields ordering
KW - Signature rule ordering
UR - http://www.scopus.com/inward/record.url?scp=84906991664&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84906991664&partnerID=8YFLogxK
U2 - 10.1109/ICC.2014.6883446
DO - 10.1109/ICC.2014.6883446
M3 - Conference contribution
AN - SCOPUS:84906991664
SN - 9781479920037
T3 - 2014 IEEE International Conference on Communications, ICC 2014
SP - 975
EP - 980
BT - 2014 IEEE International Conference on Communications, ICC 2014
PB - IEEE Computer Society
T2 - 2014 1st IEEE International Conference on Communications, ICC 2014
Y2 - 10 June 2014 through 14 June 2014
ER -