PIECEWISE CLASSIFICATION OF ATTACK PATTERNS FOR EFFICIENT NETWORK INTRUSION DETECTION

Abdelhalim Zaidi, Nazim Agoulmine, Tayeb Kenaza

Abstract

This paper presents a new scheme to improve the efficiency of pattern matching algorithms. The proposed approach is based on a piecewise classification of patterns using their common substrings. The main idea is to split the whole set of patterns into small subsets according to the common substrings and to treat the subsets independently. To reduce the number of patterns to match, we use the common substrings as an index for the search. We show that our algorithm is capable of outperforming other reference algorithms, such as Aho-Corasick.
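An added illustration of the idea in the abstract, not the authors' algorithm (its details are not on this page): patterns are grouped by a shared substring, the payload is searched for those substrings only, and a subset's patterns are verified only where its substring occurs. The greedy grouping, the key length `K`, and the sample patterns and payload are assumptions constructed for this example.

```python
from collections import Counter

K = 4  # assumed key length; the abstract does not give one

# Constructed sample signatures and payload (not taken from the paper).
PATTERNS = ["/cgi-bin/phf", "/cgi-bin/test-cgi", "/cgi-bin/finger",
            "/etc/passwd", "/etc/shadow", "cmd.exe", "root.exe"]
PAYLOAD = "GET /cgi-bin/test-cgi?file=/etc/passwd HTTP/1.0"


def classify(patterns, k=K):
    """Greedily split non-empty patterns into subsets keyed by a shared k-gram."""
    todo, groups = set(patterns), {}
    while todo:
        counts = Counter()
        for p in todo:
            # Count each k-gram once per pattern; a short pattern keys on itself.
            counts.update({p[i:i + k] for i in range(max(1, len(p) - k + 1))})
        # Most widely shared k-gram first; ties broken lexicographically.
        key = min(counts, key=lambda g: (-counts[g], g))
        members = sorted(p for p in todo if key in p)
        # Store the key's first offset in each pattern for alignment.
        groups[key] = [(p, p.find(key)) for p in members]
        todo -= set(members)
    return groups


def scan(text, groups):
    """Return (sorted hits, verification count) using the keys as an index."""
    hits, verified = set(), 0
    for key, members in groups.items():
        pos = text.find(key)
        while pos != -1:  # every occurrence of the key, overlaps included
            for pattern, off in members:
                verified += 1
                start = pos - off
                if start >= 0 and text.startswith(pattern, start):
                    hits.add((start, pattern))
            pos = text.find(key, pos + 1)
    return sorted(hits), verified


if __name__ == "__main__":
    groups = classify(PATTERNS)
    hits, verified = scan(PAYLOAD, groups)
    for key, members in groups.items():
        print(repr(key), [p for p, _ in members])
    print(hits, "verifications:", verified)
```

On the sample payload only the `-bin` and `/etc` subsets are verified, five comparisons in total, and the `.exe` subset is skipped entirely.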

Paper Citation


in Harvard Style

Zaidi A., Agoulmine N. and Kenaza T. (2010). PIECEWISE CLASSIFICATION OF ATTACK PATTERNS FOR EFFICIENT NETWORK INTRUSION DETECTION. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 100-104. DOI: 10.5220/0003033101000104


in Bibtex Style

@conference{secrypt10,
author={Abdelhalim Zaidi and Nazim Agoulmine and Tayeb Kenaza},
title={PIECEWISE CLASSIFICATION OF ATTACK PATTERNS FOR EFFICIENT NETWORK INTRUSION DETECTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={100-104},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003033101000104},
isbn={978-989-8425-18-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - PIECEWISE CLASSIFICATION OF ATTACK PATTERNS FOR EFFICIENT NETWORK INTRUSION DETECTION
SN - 978-989-8425-18-8
AU - Zaidi A.
AU - Agoulmine N.
AU - Kenaza T.
PY - 2010
SP - 100
EP - 104
DO - 10.5220/0003033101000104