Award Papers

Enhancing the performance of signature-based network intrusion detection systems: an engineering approach

Pages 209-222 | Received 02 May 2014, Accepted 12 Aug 2014, Published online: 23 Dec 2014
 

Abstract

Signature-based network intrusion detection systems (NIDSs) are widely deployed in organisations to defend against a broad range of attacks. In practice, however, they suffer from three major problems that substantially reduce their effectiveness: packet overload, expensive signature matching and large volumes of false alarms. This paper proposes an adaptive framework that addresses all three in order to improve the overall performance of a signature-based NIDS such as Snort. The framework is realised in an engineering fashion as three components: a trust-based packet filter that reduces the number of packets submitted for inspection, an exclusive signature matching scheme that speeds up the matching process, and a machine learning-based false alarm filter that reduces the number of false alarms. Experiments on a well-known benchmark data set and in a real network environment show that the approach and its implementation improve a signature-based NIDS such as Snort in all three respects: packet filtration, signature matching and false alarm reduction.
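As an added illustration, not code from the paper (whose exact filter, matching scheme and classifier are not described on this page), the following Python sketches the three-stage pipeline the abstract outlines: a per-source trust score that lets consistently clean hosts bypass full matching, an exclusion test that discards most candidate rules before the expensive content search, and a naive Bayes false-alarm filter over alert features trained on analyst-labelled alerts. The rule set, training history and packets are constructed, the scoring constants and the exclusion heuristic are assumptions, and the names (TrustFilter, ExclusiveMatcher, FalseAlarmFilter, run, demo) are introduced here.

```python
import math
from collections import Counter, defaultdict, namedtuple

Packet = namedtuple("Packet", "src dst_port payload")
Signature = namedtuple("Signature", "sid dst_port content msg")  # like Snort sid/port/content:/msg

class TrustFilter:
    # Stage 1: per-source trust in [0, 1]. Sources above the threshold skip full matching
    # except every sample_every-th packet, so a trusted host that turns hostile is still caught.
    def __init__(self, threshold=0.9, reward=0.1, penalty=0.5, sample_every=10):
        self.threshold, self.reward, self.penalty = threshold, reward, penalty
        self.sample_every, self.seen = sample_every, Counter()
        self.trust = defaultdict(lambda: 0.5)   # unknown sources start neutral (assumed)
    def should_inspect(self, src):
        self.seen[src] += 1
        return self.trust[src] < self.threshold or self.seen[src] % self.sample_every == 0
    def update(self, src, alerted):   # one alert costs more than many clean packets earn
        t = self.trust[src]
        self.trust[src] = round(max(0.0, t - self.penalty) if alerted else min(1.0, t + self.reward), 6)

class ExclusiveMatcher:
    # Stage 2: rules grouped by destination port; a rule is excluded without the full
    # substring search when the rarest byte of its content is absent from the payload.
    def __init__(self, sigs):
        self.by_port, self.candidates, self.full_compares = defaultdict(list), 0, 0
        freq = Counter(b for s in sigs for b in s.content)  # stand-in for traffic byte frequencies
        for s in sigs:
            self.by_port[s.dst_port].append((s, min(s.content, key=lambda b: freq[b])))
    def match(self, pkt):
        present, hits = set(pkt.payload), []
        for sig, rarest in self.by_port.get(pkt.dst_port, []):
            self.candidates += 1
            if rarest not in present:        # cheap O(1) exclusion test
                continue
            self.full_compares += 1
            if sig.content in pkt.payload:   # the expensive search, only for survivors
                hits.append(sig)
        return hits

class FalseAlarmFilter:
    # Stage 3: Laplace-smoothed naive Bayes over categorical alert features, trained on
    # analyst-labelled alerts (True = real attack, False = false alarm).
    def __init__(self):
        self.class_n, self.feat_n = Counter(), defaultdict(Counter)
    @staticmethod
    def features(sig, pkt):
        return {f"sid={sig.sid}", "src24=" + ".".join(pkt.src.split(".")[:3]),
                "len=" + ("big" if len(pkt.payload) > 64 else "small")}
    def train(self, sig, pkt, label):
        self.class_n[label] += 1
        for f in self.features(sig, pkt):
            self.feat_n[f][label] += 1
    def p_attack(self, sig, pkt):   # posterior probability that the alert is a real attack
        total, logp = sum(self.class_n.values()), {}
        for label in (True, False):
            lp = math.log((self.class_n[label] + 1) / (total + 2))
            for f in self.features(sig, pkt):
                lp += math.log((self.feat_n[f][label] + 1) / (self.class_n[label] + 2))
            logp[label] = lp
        m = max(logp.values())
        return math.exp(logp[True] - m) / sum(math.exp(v - m) for v in logp.values())

def run(traffic, sigs, fa, suppress_below=0.3):
    trust, matcher, stats, alerts = TrustFilter(), ExclusiveMatcher(sigs), Counter(), []
    for pkt in traffic:
        stats["packets"] += 1
        if not trust.should_inspect(pkt.src):
            stats["skipped"] += 1
            continue
        hits = matcher.match(pkt)
        trust.update(pkt.src, bool(hits))   # penalised on any hit, before false-alarm filtering
        for sig in hits:
            p = fa.p_attack(sig, pkt)
            if p >= suppress_below:
                alerts.append((sig.sid, pkt.src, round(p, 2)))
            else:
                stats["suppressed"] += 1
    return alerts, stats, matcher

# Constructed rule set, training history and traffic (not real Snort rules or captures).
SIGS = [Signature(1001, 80, b"/etc/passwd", "WEB-MISC /etc/passwd access"),
        Signature(1002, 80, b"<script>", "WEB-CLIENT script tag in request"),
        Signature(1003, 22, b"SSH-1.99", "SSH legacy version string"),
        Signature(1004, 80, b"cmd.exe", "WEB-IIS cmd.exe access")]

def demo():
    fa = FalseAlarmFilter()
    # sid 1002 from the internal 10.0.0.0/24 scanner was always a false alarm; 1001/1004 were real
    for src, body in [("10.0.0.5", b"GET /?q=<script>alert(1)</script>"),
                      ("10.0.0.6", b"GET /?q=<script>"), ("10.0.0.7", b"POST /x <script>")]:
        fa.train(SIGS[1], Packet(src, 80, body), False)
    fa.train(SIGS[0], Packet("203.0.113.9", 80, b"GET /../etc/passwd"), True)
    fa.train(SIGS[0], Packet("203.0.113.20", 80, b"GET /etc/passwd"), True)
    fa.train(SIGS[3], Packet("198.51.100.7", 80, b"GET /scripts/cmd.exe"), True)
    traffic = [Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1")] * 8 + [
        Packet("10.0.0.5", 80, b"GET /?q=<script>alert(1)</script>"),
        Packet("203.0.113.9", 80, b"GET /../../etc/passwd HTTP/1.0"),
        Packet("198.51.100.4", 22, b"SSH-2.0-OpenSSH_8.9")]
    return run(traffic, SIGS, fa)
```

Running demo() pushes 11 packets through the stages: after four clean requests the host 192.0.2.10 crosses the trust threshold and its remaining four packets bypass matching; of the 19 rule candidates that reach the matcher only 8 need the full content search; the `<script>` hit from the internal scanner is suppressed by the false-alarm filter while the `/etc/passwd` hit from an outside address is raised. Two caveats a practitioner should keep: trust is penalised on any signature hit before the false-alarm filter (conservative, but a noisy rule can keep a benign host under full inspection), and the rarest-byte exclusion should be driven by byte frequencies observed in live traffic rather than the rule set alone, which is only a stand-in here.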

Funding

This project was fully funded by the Innovation to Realization Funding Scheme of the City University of Hong Kong (under the project number 6351018).

Additional information

Dr Weizhi Meng received his B.Eng. degree in Computer Science from the Nanjing University of Posts and Communications in 2009 and obtained his Ph.D. degree in Computer Science from the City University of Hong Kong in 2013. His research interests are information security including intrusion detection, mobile security, web security, vulnerability analysis, cloud computing and intelligent security applications. He was previously known as Yuxin Meng and worked as a Senior Research Associate in the City University of Hong Kong from 2013 to 2014. He is now a Research Scientist in Infocomm Security (ICS) Department, Institute for Infocomm Research (I2R), Singapore.

Ir Dr Lam For Kwok received his Ph.D. degree in Information Security from the Queensland University of Technology, Australia. He is currently an Associate Professor of the Department of Computer Science, City University of Hong Kong. His research interests include information security and management, intrusion detection systems and application of IT in education and web-based information systems. He was the Chairman of the IT Division (2010–2012), and is currently the Chairman of the Information Discipline Advisory Panel of the Hong Kong Institution of Engineers. He is a Fellow of the Hong Kong Institution of Engineers and the British Computer Society.
