Abstract
Signature-based intrusion detection systems are among the most commonly used software for protecting computer networks; they work by comparing incoming traffic with stored signatures. However, signature matching is a key challenge, because its workload is generally at least linear in the size of a target string. To solve this problem, exclusive signature matching (ESM) has been proposed, based on the observation that most network packets would not match any IDS signature. But schemes of this kind, such as the single character frequency-based ESM, have not been extensively evaluated. In this paper, we aim to verify the above observation and to evaluate the single character frequency-based ESM in regular networks and in hostile environments, respectively. In the hostile experiment, we specifically design two malicious situations to test the scheme's performance. The experimental results show that the single character frequency-based ESM works well in a regular network, but its performance decreases greatly in a hostile environment. Copyright © 2014 Springer International Publishing Switzerland.
Original language | English |
---|---|
Title of host publication | Information security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014, proceedings |
Editors | Sherman S. M. CHOW, Jan CAMENISCH, Lucas C. K. HUI, Siu Ming YIU |
Place of Publication | Cham |
Publisher | Springer |
Pages | 465-476 |
ISBN (Electronic) | 9783319132570 |
ISBN (Print) | 9783319132563 |
DOIs | |
Publication status | Published - 2014 |
Citation
Meng, W., Li, W., & Kwok, L.-F. (2014). An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments. In S. S. M. Chow, J. Camenisch, L. C. K. Hui, & S. M. Yiu (Eds.), Information security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014, proceedings (pp. 465-476). Springer. https://doi.org/10.1007/978-3-319-13257-0_29
Keywords
- Intrusion detection
- Exclusive signature matching
- Performance evaluation
- Single character frequency
- Network security