Title :
Using Patch Management Tools to Enhance the Signature Customization for IDS Based on Vulnerability Scanner
Author :
Badawy, Mohamed Alfateh ; El-Fishawy, Nawal A. ; Elshakankiry, Osama
Abstract :
Signature customization is a technique to help the misuse network based IDS to select an appropriate signature for the protected hosts. Additionally, it eliminates unnecessary signature matching in order to enhance the detection capabilities for the NIDS. This paper assesses the effectiveness of depending only on vulnerability scanners to perform signature customization. In addition, it introduces the integration of vulnerability scanners with patch management tools to limit the number of false positive and false negative customizations. The results show that adding the patch management tools to the integration between the NIDS and vulnerability scanners can reduce the false signature customization. The proposed system will insure tuning accuracy for average of 30% of all shielded rules in the original signature customization system, accordingly improving the overall detection efficiency for the IDS.
Keywords :
computer network security; digital signatures; NIDS; false negative customizations; false positive customizations; intrusion detection system; network based IDS; patch management tools; signature customization system; signature matching; vulnerability scanners; Accuracy; Computer architecture; Computers; Intrusion detection; NIST; Software; NIDS; Snort; Vulnerability assessment; WSUS; risk assessment;
Conference_Titel :
Information Technology: New Generations (ITNG), 2014 11th International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4799-3187-3
DOI :
10.1109/ITNG.2014.78
