An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments

Weizhi MENG, Wenjuan LI, Lam-For KWOK

Research output: Chapter in Book/Report/Conference proceedingChapters

11 Citations (Scopus)

Abstract

The signature-based intrusion detection systems are one of the most commonly used software to protect computer networks by comparing incoming traffic with stored signatures. However, the process of signature matching is a key challenge, in which the workload is generally at least linear to the size of a target string. To solve this problem, exclusive signature matching (ESM) has been proposed based on the observation that most network packets would not match any IDS signatures. But this kind of schemes like the single character frequency-based ESM has not been extensively evaluated. In this paper, our interests are to verify the observation above and evaluate the single character frequency-based ESM in regular networks and hostile environments respectively. In the hostile experiment, we specifically design two malicious situations to test the scheme performance. The experimental results show that the single character frequency-based ESM works fine in a regular network, but its performance would be greatly decreased in a hostile environment. Copyright © 2014 Springer International Publishing Switzerland.

Original languageEnglish
Title of host publicationInformation security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014, proceedings
EditorsSherman S. M. CHOW, Jan CAMENISCH, Lucas C. K. HUI, Siu Ming YIU
Place of PublicationCham
PublisherSpringer
Pages465-476
ISBN (Electronic)9783319132570
ISBN (Print)9783319132563
DOIs
Publication statusPublished - 2014

Citation

Meng, W., Li, W., & Kwok, L.-F. (2014). An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments. In S. S. M. Chow, J. Camenisch, L. C. K. Hui, & S. M. Yiu (Eds.), Information security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014, proceedings (pp. 465-476). Springer. https://doi.org/10.1007/978-3-319-13257-0_29

Keywords

  • Intrusion detection
  • Exclusive signature matching
  • Performance evaluation
  • Single character frequency
  • Network security

Fingerprint

Dive into the research topics of 'An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments'. Together they form a unique fingerprint.