Advanced search
Publication Cover
HKIE Transactions Volume 24, 2017 - Issue 4: Special Issue with Awarded and Shortlisted Papers from the HKIE Outstanding Paper Award for Young Engineers/Researchers 2017
Journal homepage
70
Views
0
CrossRef citations to date
0
Altmetric
Awarded Papers

Towards effective and robust list-based packet filter for signature-based network intrusion detection: an engineering approach

Weizhi MengDepartment of Applied Mathematics and Computer Science, Technical University of Denmark, Kongens Lyngby, DenmarkCorrespondence[email protected]
ORCID Iconhttp://orcid.org/0000-0003-4384-5786View further author information
ORCID Icon,
Wenjuan LiDepartment of Computer Science, City University of Hong Kong, Hong Kong, People's Republic of ChinaORCID Iconhttp://orcid.org/0000-0003-3745-5669View further author information
ORCID Icon &
Lam For KwokDepartment of Computer Science, City University of Hong Kong, Hong Kong, People's Republic of ChinaView further author information
Pages 204-215 | Received 14 Mar 2017, Accepted 03 Aug 2017, Published online: 26 Dec 2017

References

  • Scarfone K, Mell P. Guide to intrusion detection and prevention systems (IDPS). NIST Special Publication 800-94, Gaithersburg, the USA; Feb 2007.
  • Roesch M. Snort: lightweight intrusion detection for networks. Proceedings of Usenix LISA Conference; Seattle, Washington, the USA; 1999. p. 229–238.
  • Paxson V. Bro: a system for detecting network intruders in real-time. Comput Netw. 1999;31(23-24):2435–2463. doi: 10.1016/S1389-1286(99)00112-7
  • Sommer R, Paxson V. Outside the closed world: on using machine learning for network intrusion detection. Proceedings of IEEE Symp on Security and Privacy; Oakland, CA, the USA; 2010. p. 305–316.
  • Axelsson S. The base-rate fallacy and the difficulty of intrusion detection. ACM Trans Inform Syst Sec. 2000;3(3):186–205. doi: 10.1145/357830.357849
  • Dreger H, Feldmann A, Paxson V, et al. Operational experiences with high-volume network intrusion detection. Proceedings of ACM Conference on Computer and Communications Security (CCS); Washington, DC, the USA; 2004. p. 2–11.
  • Fisk M, Varghese G. An analysis of fast string matching applied to content-based forwarding and intrusion detection. San Diego: University of California; 2002. ( Technical Report CS2001-0670).
  • Rivest RL. On the worst-case behavior of string-searching algorithms. SIAM J Comput. 1977;6:669–674. doi: 10.1137/0206048
  • Meng Y, Kwok LF. Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection. J Netw Comput Appl. 2014;39:83–92. doi: 10.1016/j.jnca.2013.05.009
  • Meng Y, Kwok LF. Adaptive context-aware packet filter scheme using statistic-based blacklist generation in network intrusion detection. Proceedings of International Conference on Information Assurance and Security (IAS); 2011. p. 74–79.
  • Meng Y, Kwok LF, Li W. Towards designing packet filter with a trust-based approach using Bayesian inference in network intrusion detection. Proceedings of the 8th International Conference on Security and Privacy in Communication Networks; Padua, Italy; 2012. p. 203–221.
  • Meng Y, Kwok LF. Enhancing list-based packet filter using IP verification mechanism against IP spoofing attack in network intrusion detection. Proceedings of NSS; 2012.
  • Chen EY, Itoh M. A whitelist approach to protect SIP servers from flooding attacks. Proceedings of IEEE International Workshop Technical Committee on Communications Quality and Reliability (CQR); 2010. p. 1–6.
  • Sourdis I, Dimopoulos V, Pnevmatikatos D, et al. Packet pre-filtering for network intrusion detection. Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communications Systems; San Jose, CA, the USA; 2006. p. 183–192.
  • Boyer RS, Moore JS. A fast string searching algorithm. Commun ACM. 1977;20(10):762–772. doi: 10.1145/359842.359859
  • Horspool R. Practical fast searching in strings. Softw Pract Exp. 1980;10(6):501–506. doi: 10.1002/spe.4380100608
  • Aho AV, Corasick MJ. Efficient string matching: an aid to bibliographic search. Commun ACM. 1975;18(6):333–340. doi: 10.1145/360825.360855
  • Wu S, Manber U. A fast algorithm for multi-pattern searching. Department of Computer Science, University of Arizona; 1994. ( Technical Report TR-94-17).
  • Meng Y, Li W, Kwok LF. Towards adaptive character frequency-based exclusive signature matching scheme and its applications in distributed intrusion detection. Comput Netw. 2013;57(17):3630–3640. doi: 10.1016/j.comnet.2013.08.009
  • WEKA, Data Mining Software in Java. [Internet] Available from: http://www.cs.waikato.ac.nz/ml/weka/
  • Pietraszek T. Using adaptive alert classification to reduce false positives in intrusion detection. Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection; France: Sophia Antipolis; 2004. p. 102–124.
  • Law KH, Kwok LF. IDS false alarm filtering using KNN classifier. Proceedings of the 5th International Conference on Information Security Applications; Jeju Island, Korea; 2005. p. 114–121.
  • Alharby A, Imai H. IDS false alarm reduction using continuous and discontinuous patterns. Proceedings of the 3rd International Conference on Applied Cryptography and Network Security; New York, NY, the USA; 2005. p. 192–205.
  • Meng Y, Kwok LF. Adaptive false alarm filter using machine learning in intrusion detection. Proceedings of the 6th International Conference on Intelligent Systems and Knowledge Engineering; Shanghai, China; 2011. p. 573–584.
  • Meng Y, Li W, Kwok LF. Intelligent alarm filter using knowledge-based alert verification in network intrusion detection. Proceedings of the 20th International Symposium on Methodologies for Intelligent Systems; Macau, China; 2012. p. 115–124.
  • Meng Y, Kwok LF. Adaptive non-critical alarm reduction using hash-based contextual signatures in intrusion detection. Comput Comm. 2014;38:50–59. doi: 10.1016/j.comcom.2013.11.001
  • Li J, Sung M, Xu J, et al. Large-scale IP traceback in high-speed internet: practical techniques and information-theoretic foundation. IEEE/ACM Trans Networking. 2008;16(6):1253–1266. doi: 10.1109/TNET.2007.911427
  • Jin C, Wang H, Shin KG. Hop-count filtering: an effective defense against spoofed DDoS traffic. Proceedings of ACM Conference on Computer and Communications Security (CCS); 2003. p. 30–41.
  • Rodi. [Internet] Available from: http://rodi.sourceforge.net/wiki/.
  • Wireshark, Network Protocol Analyzer. [Internet] Available from: http://www.wireshark.org/.
  • Manusankar C, Karthik S, Rajendran T. Intrusion detection system with packet filtering for IP spoofing. Proceedings of International Conference on Communication and Computational Intelligence; 2010. p. 563–567.
  • Yao G, Bi J, Vasilakos AV. Passive IP traceback: disclosing the locations of IP spoofers from path backscatter. IEEE Tract Informat Forensic Secur. 2015;10(3):471–484. doi: 10.1109/TIFS.2014.2381873
  • Yaar A, Perrig A, Song D. Pi: a path identification mechanism to defend against DDoS attacks. Proceedings of IEEE Symposium on Security and Privacy; 2003. p. 93–107.
  • Meng W, Li W, Kwok LF. EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput Secur. 2014;43:189–204. doi: 10.1016/j.cose.2014.02.006
  • Meng Y, Kwok LF. Towards an information-theoretic approach for measuring intelligent false alarm reduction in intrusion detection. Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications; Melbourne, Australia; 2013. p. 241–248.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.