Awarded Papers

Towards effective and robust list-based packet filter for signature-based network intrusion detection: an engineering approach

Pages 204-215 | Received 14 Mar 2017, Accepted 03 Aug 2017, Published online: 26 Dec 2017

