Academic literature on the topic 'Signature-based intrusion detection'


Journal articles on the topic "Signature-based intrusion detection"

1

V. Stetsenko, Inna, and Maksym Demydenko. "Signature-based Intrusion Detection Hardware-Software Complex." Information & Security: An International Journal 47, no. 2 (2020): 221–31. http://dx.doi.org/10.11610/isij.4715.

2

Panagiotou, Panos, Notis Mengidis, Theodora Tsikrika, Stefanos Vrochidis, and Ioannis Kompatsiaris. "Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods." Information & Security: An International Journal 50 (2021): 37–48. http://dx.doi.org/10.11610/isij.5016.

3

Einy, Sajad, Cemil Oz, and Yahya Dorostkar Navaei. "The Anomaly- and Signature-Based IDS for Network Security Using Hybrid Inference Systems." Mathematical Problems in Engineering 2021 (March 12, 2021): 1–10. http://dx.doi.org/10.1155/2021/6639714.

Abstract:
With the expansion of communication in today’s world and the possibility of creating interactions between people through communication networks regardless of the distance dimension, the issue of creating security for the data and information exchanged has received much attention from researchers. Various methods have been proposed for this purpose; one of the most important methods is intrusion detection systems to quickly detect intrusions into the network and inform the manager or responsible people to carry out an operational set to reduce the amount of damage caused by these intruders. The main challenge of the proposed intrusion detection systems is the number of erroneous warning messages generated and the low percentage of accurate detection of intrusions in them. In this research, the Suricata IDS/IPS is deployed along with the NN model for the metaheuristic’s manual detection of malicious traffic in the targeted network. For the metaheuristic-based feature selection, the neural network, and the anomaly-based detection, the fuzzy logic is used in this research paper. The latest stable version of Kali Linux 2020.3 is used as an attacking system for web applications and different types of operating systems. The proposed method has achieved 96.111% accuracy for detecting network intrusion.
4

Kaur, Harpreet. "NETWORK INTRUSION DETECTION AND PREVENTION ATTACKS." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 2, no. 3 (June 30, 2012): 21–23. http://dx.doi.org/10.24297/ijct.v2i3a.2669.

Abstract:
Intrusion detection is an important technology in business sector as well as an active area of research. It is an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report these intrusions to the administrator in order to take evasive action. Today computers are part of networked, distributed systems that may span multiple buildings sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system. The network is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature based IDS methodology for ascertaining attacks. A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats. In this system the attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network.
5

Kala, T. Sree, and A. Christy. "Signature Based Algorithms and Intrusion Detection Systems." International Journal of Web Technology 5, no. 1 (June 13, 2016): 9–12. http://dx.doi.org/10.20894/ijwt.104.005.001.003.

6

Anand, Saloni, and Kshitij Patne. "Network Intrusion Detection and Prevention." International Journal for Research in Applied Science and Engineering Technology 10, no. 6 (June 30, 2022): 3754–59. http://dx.doi.org/10.22214/ijraset.2022.44761.

Abstract:
Intrusion Detection systems are now increasingly significant in network security. As the number of people using the internet grows, so does the chance of a cyberattack. People are adopting signature-based intrusion detection systems. Snort is a popular open-source signature-based intrusion detection system. It is widely utilised in the intrusion detection and prevention arena across the world. The aim of this research is to provide knowledge about intrusion detection systems, application vulnerabilities, and their prevention methods and to perform a comparison of the latest tools and mechanisms used to detect these threats and vulnerabilities.
7

Sharma, Gaurav, and Anil Kumar Kapil. "INTRUSION DETECTION AND PREVENTION FRAMEWORK USING DATA MINING TECHNIQUES FOR FINANCIAL SECTOR." Acta Informatica Malaysia 5, no. 2 (September 29, 2021): 58–61. http://dx.doi.org/10.26480/aim.02.2021.58.61.

Abstract:
Security becomes the main concern when the resources are shared over a network for many purposes. For ease of use and time saving several services offered by banks and other financial companies are accessible over mobile apps and computers connected with the Internet. Intrusion detection (ID) is the act of detecting actions that attempt to compromise the confidentiality, integrity, or availability of a shared resource over a network. Intrusion detection does not include the prevention of intrusions. A different solution is required for intrusion prevention. The major intrusion detection technique is host-based where major accountabilities are taken by the server itself to detect relevant security attacks. In this paper, an intrusion detection algorithm using data mining is presented. The proposed algorithm is compared with the signature apriori algorithm for performance. The proposed algorithm observed better results. This framework may help to explore new areas of future research in increasing security in the banking and financial sector enabled by an intrusion detection system (IDS).
8

Kwon, Hee-Yong, Taesic Kim, and Mun-Kyu Lee. "Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods." Electronics 11, no. 6 (March 9, 2022): 867. http://dx.doi.org/10.3390/electronics11060867.

Abstract:
Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.
9

Roka, Sanjay, and Santosh Naik. "SURVEY ON SIGNATURE BASED INTRUCTION DETECTION SYSTEM USING MULTITHREADING." International Journal of Research -GRANTHAALAYAH 5, no. 4RACSIT (April 30, 2017): 58–62. http://dx.doi.org/10.29121/granthaalayah.v5.i4racsit.2017.3352.

Abstract:
The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective. Many intrusion detection techniques have been developed on fixed wired networks but have been turned to be inapplicable in this new environment. We need to search for new architecture and mechanisms to protect computer networks. Signature-based Intrusion Detection System matches network packets against a pre-configured set of intrusion signatures. Current implementations of IDS employ only a single thread of execution and as a consequence benefit very little from multi-processor hardware platforms. A multi-threaded technique would allow more efficient and scalable exploitation of these multi-processor machines.
10

Antunes, Mário, Luís Oliveira, Afonso Seguro, João Veríssimo, Ruben Salgado, and Tiago Murteira. "Benchmarking Deep Learning Methods for Behaviour-Based Network Intrusion Detection." Informatics 9, no. 1 (March 20, 2022): 29. http://dx.doi.org/10.3390/informatics9010029.

Abstract:
Network security encloses a wide set of technologies dealing with intrusions detection. Despite the massive adoption of signature-based network intrusion detection systems (IDSs), they fail in detecting zero-day attacks and previously unseen vulnerabilities exploits. Behaviour-based network IDSs have been seen as a way to overcome signature-based IDS flaws, namely through the implementation of machine-learning-based methods, to tolerate new forms of normal network behaviour, and to identify yet unknown malicious activities. A wide set of machine learning methods has been applied to implement behaviour-based IDSs with promising results on detecting new forms of intrusions and attacks. Innovative machine learning techniques have emerged, namely deep-learning-based techniques, to process unstructured data, speed up the classification process, and improve the overall performance obtained by behaviour-based network intrusion detection systems. The use of realistic datasets of normal and malicious networking activities is crucial to benchmark machine learning models, as they should represent real-world networking scenarios and be based on realistic computers network activity. This paper aims to evaluate CSE-CIC-IDS2018 dataset and benchmark a set of deep-learning-based methods, namely convolutional neural networks (CNN) and long short-term memory (LSTM). Autoencoder and principal component analysis (PCA) methods were also applied to evaluate features reduction in the original dataset and its implications in the overall detection performance. The results revealed the appropriateness of using the CSE-CIC-IDS2018 dataset to benchmark supervised deep learning models. It was also possible to evaluate the robustness of using CNN and LSTM methods to detect unseen normal activity and variations of previously trained attacks. The results reveal that feature reduction methods decreased the processing time without loss of accuracy in the overall detection performance.

Dissertations / Theses on the topic "Signature-based intrusion detection"

1

Cheung, Chun-Hom. "A learning-based approach to false alarm reduction for signature-based intrusion detection systems /." View abstract or full-text, 2004. http://library.ust.hk/cgi/db/thesis.pl?COMP%202004%20CHEUNG.

Abstract:
Thesis (M. Phil.)--Hong Kong University of Science and Technology, 2004.
Includes bibliographical references (leaves 100-106). Also available in electronic version. Access restricted to campus users.
2

Shafi, Kamran Information Technology & Electrical Engineering Australian Defence Force Academy UNSW. "An online and adaptive signature-based approach for intrusion detection using learning classifier systems." Awarded by: University of New South Wales - Australian Defence Force Academy, 2008. http://handle.unsw.edu.au/1959.4/38991.

Abstract:
This thesis presents the case of dynamically and adaptively learning signatures for network intrusion detection using genetic based machine learning techniques. The two major criticisms of the signature based intrusion detection systems are their i) reliance on domain experts to handcraft intrusion signatures and ii) inability to detect previously unknown attacks or the attacks for which no signatures are available at the time. In this thesis, we present a biologically-inspired computational approach to address these two issues. This is done by adaptively learning maximally general rules, which are referred to as signatures, from network traffic through a supervised learning classifier system, UCS. The rules are learnt dynamically (i.e., using machine intelligence and without the requirement of a domain expert), and adaptively (i.e., as the data arrives without the need to relearn the complete model after presenting each data instance to the current model). Our approach is hybrid in that signatures for both intrusive and normal behaviours are learnt. The rule based profiling of normal behaviour allows for anomaly detection in that the events not matching any of the rules are considered potentially harmful and could be escalated for an action. We study the effect of key UCS parameters and operators on its performance and identify areas of improvement through this analysis. Several new heuristics are proposed that improve the effectiveness of UCS for the prediction of unseen and extremely rare intrusive activities. A signature extraction system is developed that adaptively retrieves signatures as they are discovered by UCS. The signature extraction algorithm is augmented by introducing novel subsumption operators that minimise overlap between signatures. Mechanisms are provided to adapt the main algorithm parameters to deal with online noisy and imbalanced class data. 
The performance of UCS, its variants and the signature extraction system is measured through standard evaluation metrics on a publicly available intrusion detection dataset provided during the 1999 KDD Cup intrusion detection competition. We show that the extended UCS significantly improves test accuracy and hit rate while significantly reducing the rate of false alarms and cost per example scores than the standard UCS. The results are competitive to the best systems participated in the competition in addition to our systems being online and incremental rule learners. The signature extraction system built on top of the extended UCS retrieves a magnitude smaller rule set than the base UCS learner without any significant performance loss. We extend the evaluation of our systems to real time network traffic which is captured from a university departmental server. A methodology is developed to build fully labelled intrusion detection dataset by mixing real background traffic with attacks simulated in a controlled environment. Tools are developed to pre-process the raw network data into feature vector format suitable for UCS and other related machine learning systems. We show the effectiveness of our feature set in detecting payload based attacks.
3

Panichprecha, Sorot. "Abstracting and correlating heterogeneous events to detect complex scenarios." Thesis, Queensland University of Technology, 2009. https://eprints.qut.edu.au/26737/1/Sorot_Panichprecha_Thesis.pdf.

Abstract:
The research presented in this thesis addresses inherent problems in signature-based intrusion detection systems (IDSs) operating in heterogeneous environments. The research proposes a solution to address the difficulties associated with multi-step attack scenario specification and detection for such environments. The research has focused on two distinct problems: the representation of events derived from heterogeneous sources and multi-step attack specification and detection. The first part of the research investigates the application of an event abstraction model to event logs collected from a heterogeneous environment. The event abstraction model comprises a hierarchy of events derived from different log sources such as system audit data, application logs, captured network traffic, and intrusion detection system alerts. Unlike existing event abstraction models where low-level information may be discarded during the abstraction process, the event abstraction model presented in this work preserves all low-level information as well as providing high-level information in the form of abstract events. The event abstraction model presented in this work was designed independently of any particular IDS and thus may be used by any IDS, intrusion forensic tools, or monitoring tools. The second part of the research investigates the use of unification for multi-step attack scenario specification and detection. Multi-step attack scenarios are hard to specify and detect as they often involve the correlation of events from multiple sources which may be affected by time uncertainty. The unification algorithm provides a simple and straightforward scenario matching mechanism by using variable instantiation where variables represent events as defined in the event abstraction model. The third part of the research looks into the solution to address time uncertainty. Clock synchronisation is crucial for detecting multi-step attack scenarios which involve logs from multiple hosts. 
Issues involving time uncertainty have been largely neglected by intrusion detection research. The system presented in this research introduces two techniques for addressing time uncertainty issues: clock skew compensation and clock drift modelling using linear regression. An off-line IDS prototype for detecting multi-step attacks has been implemented. The prototype comprises two modules: implementation of the abstract event system architecture (AESA) and of the scenario detection module. The scenario detection module implements our signature language developed based on the Python programming language syntax and the unification-based scenario detection engine. The prototype has been evaluated using a publicly available dataset of real attack traffic and event logs and a synthetic dataset. The distinct features of the public dataset are the fact that it contains multi-step attacks which involve multiple hosts with clock skew and clock drift. These features allow us to demonstrate the application and the advantages of the contributions of this research. All instances of multi-step attacks in the dataset have been correctly identified even though there exists a significant clock skew and drift in the dataset. Future work identified by this research would be to develop a refined unification algorithm suitable for processing streams of events to enable an on-line detection. In terms of time uncertainty, identified future work would be to develop mechanisms which allows automatic clock skew and clock drift identification and correction. The immediate application of the research presented in this thesis is the framework of an off-line IDS which processes events from heterogeneous sources using abstraction and which can detect multi-step attack scenarios which may involve time uncertainty.
4

Panichprecha, Sorot. "Abstracting and correlating heterogeneous events to detect complex scenarios." Queensland University of Technology, 2009. http://eprints.qut.edu.au/26737/.

5

Teixeira, Jorge Amílcar Lopes. "Network traffic sampling for improved signature and anomaly based intrusion detection." Master's thesis, 2008. http://hdl.handle.net/10216/58365.

6

Teixeira, Jorge Amílcar Lopes. "Network traffic sampling for improved signature and anomaly based intrusion detection." Dissertation, 2008. http://hdl.handle.net/10216/58365.

7

Elsayed, Mohamed Ahmed Seifeldin Mohamed. "Blockchain-based containment of computer worms." Thesis, 2020. http://hdl.handle.net/1828/12492.

Abstract:
Information technology systems are essential for most businesses as they facilitate the handling and sharing of data and the execution of tasks. Due to connectivity to the internet and other internal networks, these systems are susceptible to cyberattacks. Computer worms are one of the most significant threats to computer systems because of their fast self-propagation to multiple systems and malicious payloads. Modern worms employ obfuscation techniques to avoid detection using patterns from previous attacks. Although the best defense is to eliminate (patch) the software vulnerabilities being exploited by computer worms, this requires a substantial amount of time to create, test, and deploy the patches. Worm containment techniques are used to reduce or stop the spread of worm infections to allow time for software patches to be developed and deployed. In this dissertation, a novel blockchain-based collaborative intrusion prevention system model is introduced. This model is designed to proactively contain zero-day and obfuscated computer worms. In this model, containment is achieved by creating and distributing signatures for the exploited vulnerabilities. Blockchain technology is employed to provide liveness, maintain an immutable record of vulnerability-based signatures to update peers, accomplish trust in confirming the occurrence of a malicious event and the corresponding signature, and allow a decentralized defensive environment. A consensus algorithm based on the Practical Byzantine Fault Tolerance (PBFT) algorithm is employed in the model. The TLA+ formal method is utilized to check the correctness, liveness, and safety properties of the model as well as to assert that it has no behavioral errors. A blockchain-based automatic worm containment system is implemented. A synthetic worm is created to exploit a network-deployed vulnerable program. This is used to evaluate the effectiveness of the containment system. 
It is shown that the system can contain the worm and has good performance. The system can contain 100 worm attacks a second by generating and distributing the corresponding vulnerability-based signatures. The system latency to contain these attacks is less than 10 ms. In addition, the system has low resource requirements with respect to memory, CPU, and network traffic.
Graduate
8

Subramanian, Ramanathan. "A Low-Complexity Algorithm For Intrusion Detection In A PIR-Based Wireless Sensor Network." Thesis, 2010. http://etd.iisc.ernet.in/handle/2005/1384.

Abstract:
This thesis investigates the problem of detecting an intruder in the presence of clutter in a Passive Infra-Red (PIR) based Wireless Sensor Network (WSN). As one of the major objectives in a WSN is to maximize battery life, data transmission and local computations must be kept to a minimum as they are expensive in terms of energy. But, as intrusion being a rare event and cannot be missed, local computations expend more energy than data transmission. Hence, the need for a low-complexity algorithm for intrusion detection is inevitable. A low-complexity algorithm for intrusion detection in the presence of clutter arising from wind-blown vegetation, using PIR sensors is presented. The algorithm is based on a combination of Haar Transform (HT) and Support Vector Machine (SVM) based training. The amplitude and frequency of the intruder signature is used to differentiate it from the clutter signal. The HT was preferred to Discrete Fourier Transform (DFT) in computing the spectral signature because of its computational simplicity -just additions and subtractions suffice (scaling coefficients taken care appropriately). Intruder data collected in a laboratory and clutter data collected from various types of vegetation were fed into SVM for training. The optimal decision rule returned by SVM was then used to separate intruder from clutter. Simulation results along with some representative samples in which intrusions were detected and the clutter being rejected by the algorithm is presented. The implementation of the proposed intruder-detection algorithm in a network setting comprising of 20 sensing nodes is discussed. The field testing performance of the algorithm is then discussed. The limitations of the algorithm is also discussed. A closed-form analytical expression for the signature generated by a human moving along a straight line in the vicinity of the PIR sensor at constant velocity is provided. 
It is shown to be a good approximation by showing a close match with the real intruder waveforms. It is then shown how this expression can be exploited to track the intruder from the signatures of three well-positioned sensing nodes.

Books on the topic "Signature-based intrusion detection"

1

Hilgurt, S. Ya, and O. A. Chemerys. Reconfigurable signature-based information security tools of computer systems. PH “Akademperiodyka”, 2022. http://dx.doi.org/10.15407/akademperiodyka.458.297.

Abstract:
The book is devoted to the research and development of methods for combining computational structures for reconfigurable signature-based information protection tools for computer systems and networks in order to increase their efficiency. Network security tools based, among others, on such AI-based approaches as deep neural networking, despite the great progress shown in recent years, still suffer from nonzero recognition error probability. Even a low probability of such an error in a critical infrastructure can be disastrous. Therefore, signature-based recognition methods with their theoretically exact matching feature are still relevant when creating information security systems such as network intrusion detection systems, antivirus, anti-spam, and worm-containment systems. The real time multi-pattern string matching task has been a major performance bottleneck in such systems. To speed up the recognition process, developers use a reconfigurable hardware platform based on FPGA devices. Such platform provides almost software flexibility and near-ASIC performance. The most important component of a signature-based information security system in terms of efficiency is the recognition module, in which the multi-pattern matching task is directly solved. It must not only check each byte of input data at speeds of tens and hundreds of gigabits/sec against hundreds of thousand or even millions patterns of signature database, but also change its structure every time a new signature appears or the operating conditions of the protected system change. As a result of the analysis of numerous examples of the development of reconfigurable information security systems, three most promising approaches to the construction of hardware circuits of recognition modules were identified, namely, content-addressable memory based on digital comparators, Bloom filter and Aho–Corasick finite automata. 
A method for fast quantification of components of recognition module and the entire system was proposed. The method makes it possible to exclude resource-intensive procedures for synthesizing digital circuits on FPGAs when building complex reconfigurable information security systems and their components. To improve the efficiency of the systems under study, structural-level combinational methods are proposed, which allow combining into single recognition device several matching schemes built on different approaches and their modifications, in such a way that their advantages are enhanced and disadvantages are eliminated. In order to achieve the maximum efficiency of combining methods, optimization methods are used. The methods of: parallel combining, sequential cascading and vertical junction have been formulated and investigated. The principle of multi-level combining of combining methods is also considered and researched. Algorithms for the implementation of the proposed combining methods have been developed. Software has been created that allows to conduct experiments with the developed methods and tools. Quantitative estimates are obtained for increasing the efficiency of constructing recognition modules as a result of using combination methods. The issue of optimization of reconfigurable devices presented in hardware description languages is considered. A modification of the method of affine transformations, which allows parallelizing such cycles that cannot be optimized by other methods, was presented. In order to facilitate the practical application of the developed methods and tools, a web service using high-performance computer technologies of grid and cloud computing was considered. The proposed methods to increase efficiency of matching procedure can also be used to solve important problems in other fields of science as data mining, analysis of DNA molecules, etc. 
Keywords: information security, signature, multi-pattern matching, FPGA, structural combining, efficiency, optimization, hardware description language.

Book chapters on the topic "Signature-based intrusion detection"

1

Sy, Bon K. "Signature-Based Approach for Intrusion Detection." In Machine Learning and Data Mining in Pattern Recognition, 526–36. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005. http://dx.doi.org/10.1007/11510888_52.

2

Shaikh, Asma, and Preeti Gupta. "Advanced Signature-Based Intrusion Detection System." In Intelligent Communication Technologies and Virtual Mobile Networks, 305–21. Singapore: Springer Nature Singapore, 2022. http://dx.doi.org/10.1007/978-981-19-1844-5_24.

3

Fan, Wenjun, Shubham Kumar, Sang-Yoon Chang, and Younghee Park. "A Blockchain-Based Retribution Mechanism for Collaborative Intrusion Detection." In Silicon Valley Cybersecurity Conference, 57–73. Cham: Springer Nature Switzerland, 2022. http://dx.doi.org/10.1007/978-3-031-24049-2_4.

Abstract:
Collaborative intrusion detection approach uses the shared detection signature between the collaborative participants to facilitate coordinated defense. In the context of collaborative intrusion detection system (CIDS), however, there is no research focusing on the efficiency of the shared detection signature. The inefficient detection signature costs not only the IDS resource but also the process of the peer-to-peer (P2P) network. In this paper, we therefore propose a blockchain-based retribution mechanism, which aims to incentivize the participants to contribute to verifying the efficiency of the detection signature in terms of certain distributed consensus. We implement a prototype using Ethereum blockchain, which instantiates a token-based retribution mechanism and a smart contract-enabled voting-based distributed consensus. We conduct a number of experiments built on the prototype, and the experimental results demonstrate the effectiveness of the proposed approach.
4

Li, Zhuowei, Amitabha Das, and Jianying Zhou. "USAID: Unifying Signature-Based and Anomaly-Based Intrusion Detection." In Advances in Knowledge Discovery and Data Mining, 702–12. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005. http://dx.doi.org/10.1007/11430919_81.

5

Sangeetha, S., B. Gayathri devi, R. Ramya, M. K. Dharani, and P. Sathya. "Signature Based Semantic Intrusion Detection System on Cloud." In Advances in Intelligent Systems and Computing, 657–66. New Delhi: Springer India, 2015. http://dx.doi.org/10.1007/978-81-322-2250-7_66.

6

Kruegel, Christopher, and Thomas Toth. "Using Decision Trees to Improve Signature-Based Intrusion Detection." In Lecture Notes in Computer Science, 173–91. Berlin, Heidelberg: Springer Berlin Heidelberg, 2003. http://dx.doi.org/10.1007/978-3-540-45248-5_10.

7

Serrano, José Manuel Bande, José Hernández Palancar, and René Cumplido. "High Throughput Signature Based Platform for Network Intrusion Detection." In Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications, 544–51. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-41827-3_68.

8

Yedukondalu, G., J. Anand Chandulal, and M. Srinivasa Rao. "Host-Based Intrusion Detection System Using File Signature Technique." In Innovations in Computer Science and Engineering, 225–32. Singapore: Springer Singapore, 2017. http://dx.doi.org/10.1007/978-981-10-3818-1_25.

9

Iyer, J. Visweswara. "Intrusion Detection System Using Signature-Based Detection and Data Mining Technique." In Studies in Autonomic, Data-driven and Industrial Computing, 129–43. Singapore: Springer Nature Singapore, 2022. http://dx.doi.org/10.1007/978-981-19-5689-8_9.

10

Mehrotra, Latika, and Prashant Sahai Saxena. "An Assessment Report on: Statistics-Based and Signature-Based Intrusion Detection Techniques." In Information and Communication Technology, 321–27. Singapore: Springer Singapore, 2017. http://dx.doi.org/10.1007/978-981-10-5508-9_31.


Conference papers on the topic "Signature-based intrusion detection"

1

Kumar, Roshan, and Deepak Sharma. "Signature-Anomaly Based Intrusion Detection Algorithm." In 2018 Second International Conference on Electronics, Communication and Aerospace Technology (ICECA). IEEE, 2018. http://dx.doi.org/10.1109/iceca.2018.8474781.

2

Malek, Zakiyabanu S., Bhushan Trivedi, and Axita Shah. "User behavior Pattern -Signature based Intrusion Detection." In 2020 Fourth World Conference on Smart Trends in Systems Security and Sustainablity (WorldS4). IEEE, 2020. http://dx.doi.org/10.1109/worlds450073.2020.9210368.

3

Aldwairi, Monther, Mohammad A. Alshboul, and Asmaa Seyam. "Characterizing Realistic Signature-based Intrusion Detection Benchmarks." In the 6th International Conference. New York, New York, USA: ACM Press, 2018. http://dx.doi.org/10.1145/3301551.3301591.

4

Lassez, Jean-Louis, Ryan Rossi, Stephen Sheel, and Srinivas Mukkamala. "Signature based intrusion detection using latent semantic analysis." In 2008 IEEE International Joint Conference on Neural Networks (IJCNN 2008 - Hong Kong). IEEE, 2008. http://dx.doi.org/10.1109/ijcnn.2008.4633931.

5

Tug, Steven, Weizhi Meng, and Yu Wang. "CBSigIDS: Towards Collaborative Blockchained Signature-Based Intrusion Detection." In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 2018. http://dx.doi.org/10.1109/cybermatics_2018.2018.00217.

6

Yanfang Zhang, Fuxiang Gao, Yujie Guo, and Xu Liu. "Research on intrusion detection approach based on signature generation." In 2010 Second Pacific-Asia Conference on Circuits, Communications and System (PACCS). IEEE, 2010. http://dx.doi.org/10.1109/paccs.2010.5626672.

7

Tran, Ngoc Thinh, Shigenori Tomiyama, Surin Kittitornkun, and Tran Huy Vu. "TCP reassembly for signature-based Network Intrusion Detection systems." In 2012 9th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON 2012). IEEE, 2012. http://dx.doi.org/10.1109/ecticon.2012.6254336.

8

Payer, Garrett, Chris McCormick, and Richard Harang. "Applying hardware-based machine learning to signature-based network intrusion detection." In SPIE Sensing Technology + Applications, edited by Misty Blowers and Jonathan Williams. SPIE, 2014. http://dx.doi.org/10.1117/12.2052548.

9

Payer, Garrett, Chris McCormick, and Richard Harang. "Applying hardware-based machine learning to signature-based network intrusion detection." In SPIE Defense + Security, edited by Igor V. Ternovskiy and Peter Chin. SPIE, 2014. http://dx.doi.org/10.1117/12.2049890.

10

Kazachkin, Dmitry, and Dennis Gamayunov. "Network Traffic Analysis Optimization at Signature-Based Intrusion Detection Systems." In Spring/Summer Young Researchers' Colloquium on Software Engineering. Institute for System Programming of the Russian Academy of Sciences, 2008. http://dx.doi.org/10.15514/syrcose-2008-2-5.
