Title :
Attack signature matching and discovery in systems employing heterogeneous IDS
Author :
Carey, Nathan ; Mohay, George ; Clark, Andrew
Author_Institution :
Queensland Univ. of Technol., Brisbane, Qld., Australia
Abstract :
Over the past decade, intrusion detection systems (IDS) have improved steadily in the efficiency and effectiveness with which they detect intrusive activity. This is particularly true with signature-based IDS due to progress with intrusion analysis and intrusion signature specification. At the same time system complexity, overall numbers of bugs and security vulnerabilities have been on the increase. This has led to the recognition that in order to operate over the entire attack space, multiple heterogeneous IDS must be used, which need to interoperate with one another, and possibly also with other components of system security. We describe our research into developing algorithms for attack signature matching for detecting multistage attacks manifested by alerts from heterogeneous IDS. It describes also the testing and preliminary results of that research, and the administrator interface used to analyze the alerts produced by the tests and the results of signature matching.
Keywords :
message authentication; pattern matching; administrator interface; attack signature matching; intrusion signature specification; multiple heterogeneous intrusion detection system; multistage attacks; Computer bugs; Data analysis; Dynamic compiler; Genetic expression; Intrusion detection; Java; Logic; Performance analysis; Security; Testing;
Conference_Titel :
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Print_ISBN :
0-7695-2041-3
DOI :
10.1109/CSAC.2003.1254329
