Conference paper: Privacy, Security, Trust and the Management of e-Business, 2009. CONGRESS '09

Classification and Discovery of Rule Misconfigurations in Intrusion Detection and Response Devices



Abstract

Signature-based intrusion detection is one of the most commonly used techniques implemented in modern intrusion detection systems (IDS). Because it is based on a set of rules, i.e., attack signatures, the accuracy and reliability of IDS detection depend heavily on the quality of the employed rule set. In this context, any conflicts that arise between rules create ambiguity in the classification of network traffic or host events, not only degrading the performance of the IDS but also leaving the protected system in a vulnerable position. Currently existing techniques for conflict detection focus primarily on the security policy of network devices: IPSec, routers, firewalls. In this paper we address conflict detection in host- and network-based intrusion detection and response devices and present a rule management framework that allows a rule set to be analysed for potential conflicts. We demonstrate the advantages of the proposed approach on three collections of attack signatures: the set provided by the vendor of a commercial IDS and the rule sets of the open source Snort IDS and Bleeding Edge Threats. Our analysis reveals conflicts in each of them.
