Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database

Mutep Y AlYousef; Nabih T Abdelmajeed

首页> 外文期刊>Procedia Computer Science >Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database

【24h】

Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database

机译：动态检测安全威胁并更新基于签名的入侵检测系统的数据库

获取原文

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The electronic attacks that threaten the security of networks and information are increasing, especially during the current rapid electronic revolution. Therefore, it is necessary to use surveillance and protection systems in order to secure computer networks. An intrusion detection system (IDS) is one of the most important security systems available on the market. An IDS is a system that can be used to observe network traffic for illegal activities or illegitimate access to the network and to display alerts in such cases. There are three main types of IDSs: signature-based IDSs, anomaly-based IDSs and a hybrid of both. Auto-updating lists of attacks in order to overcome new types of attacks is one of the main challenges for a signature-based IDS. Most IDSs update their databases manually—done by network administrators—or by using websites that offer newly detected attack signatures. This paper proposes a model of auto-updating the attack lists using a filtering engine that acts as a second IDS engine. The results show an improvement in the overall accuracy of the IDS using the proposed model. In addition to detecting new attack signatures based on similarity, a blacklist of IP factors is used in the proposed model, which automates the updating process of IDS databases with the new attack signatures without human interference.

机译：威胁网络和信息安全的电子攻击正在增加，特别是在当前快速的电子革命期间。因此，有必要使用监视和保护系统以保护计算机网络。入侵检测系统（IDS）是市场上最重要的安全系统之一。 IDS是一种系统，可用于观察网络流量中的非法活动或对网络的非法访问，并在这种情况下显示警报。 IDS分为三种主要类型：基于签名的IDS，基于异常的IDS以及两者的混合。自动更新攻击列表以克服新型攻击是基于签名的IDS的主要挑战之一。大多数IDS由网络管理员手动更新数据库，或使用提供新检测到的攻击特征的网站进行更新。本文提出了一种使用充当第二个IDS引擎的过滤引擎来自动更新攻击列表的模型。结果表明，使用所提出的模型可以提高IDS的整体准确性。除了基于相似度检测新的攻击特征外，在该模型中还使用了IP因子黑名单，该功能可以自动使用新的攻击特征对IDS数据库进行更新，而无需人工干预。

著录项

来源
《Procedia Computer Science》 |2019年第1期|共10页
作者
Mutep Y AlYousef; Nabih T Abdelmajeed;
展开▼
作者单位

展开▼
收录信息
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
intrusion detection systemsignature-basedanomaly-basedtrafficupdate;

机译：入侵检测系统基于签名的基于异常的流量更新;

相似文献

外文文献
中文文献
专利

1. Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database [J] . Mutep Y AlYousef, Nabih T Abdelmajeed Procedia Computer Science . 2019,第11期

机译：动态检测安全威胁并更新基于签名的入侵检测系统的数据库
2. Network Security Alerts Management Architecture for Signature-Based Intrusions Detection Systems within a NAT Environment [J] . Meharouech Sourour, Bouhoula Adel, Abbes Tarek Journal of network and systems management . 2011,第4期

机译：NAT环境中基于签名的入侵检测系统的网络安全警报管理体系结构
3. Analysis of update delays in signature-based network intrusion detection systems [J] . Hugo Gascon, Agustin Orfila, Jorge Blasco Computers & Security . 2011,第8期

机译：基于签名的网络入侵检测系统中更新延迟的分析
4. Big Data against Security Threats: The SPEAR Intrusion Detection System [C] . Dimitrios Pliatsios, Panagiotis Sarigiannidis, Konstantinos Psannis, World Symposium on Communication Engineering . 2020

机译：防止安全威胁的大数据：矛入侵检测系统
5. Security threats and intrusion detection at the MAC layer in 802.15.4 sensor networks [D] . Begum, Jobaida 2007

机译：802.15.4传感器网络中MAC层的安全威胁和入侵检测
6. An IoT-Focused Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets [O] . Xavier Larriva-Novo, Víctor A. Villagrá, Mario Vega-Barbas, 2021

机译：基于网络安全数据集的预处理表征的IOT聚焦的入侵检测系统方法
7. Analysis of update delays in signature-based network intrusion detection systems [O] . Gascón Hugo, Orfila Agustín, Blasco Jorge 2011

机译：基于签名的网络入侵检测系统中的更新延迟分析

Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database

摘要

著录项

相似文献

相关主题

期刊订阅