Journal: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Online ISSN: 1817-3195
Year: 2015
Volume: 81
Issue: 3
Publisher: Journal of Theoretical and Applied
Abstract: Attacks on computer networks are increasing every day, and most institutions use an Intrusion Detection System (IDS) to cope with them. The most widely used kind is the signature-based IDS, which needs a database of rules when looking for malicious packets. This kind of IDS has two problems. First, not everyone is able to write a signature or rule, so most users must wait for updates to renew their database. Second, zero-day attacks, attacks that have never been seen before, are the main weakness of this IDS, because no signature for them exists yet. We propose Coro, an IDS signature generator that creates IDS rules from honeypot log data. Coro uses graph clustering, which lets it cluster data without having to recompute centroids. Coro focuses on HTTP, since it will be used to harden our e-voting system, but it can be extended to other protocols. Our experiment showed that Coro was able to cluster around 5000 requests in a short time, and the graph clustering contributed much of that speed. Moreover, the two threshold values and the data preprocessing used in that experiment affected both the number and the quality of the generated rules.
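The abstract does not give Coro's algorithm, so the following is an added illustration of the idea it describes, not Coro's own code: honeypot HTTP request lines are turned into a similarity graph (an edge wherever two decoded request URIs are similar enough), each connected component is a cluster, and a Snort-style rule is emitted from the substrings every member of a cluster shares. The similarity measure (difflib ratio), the two thresholds (edge similarity and minimum cluster size), the segment extraction and the rule format are all assumptions made for this example; the log lines are constructed, not real data.

```python
# Added illustration of signature generation from honeypot HTTP logs.
# This is NOT Coro's own code: the similarity graph, the two thresholds
# (EDGE_THRESHOLD, MIN_CLUSTER_SIZE) and the Snort-style rule format are
# assumptions chosen for the example.
from collections import defaultdict
from difflib import SequenceMatcher
from urllib.parse import unquote

# Constructed honeypot request lines (not real log data).
SAMPLE_LOG = [
    "GET /index.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /index.php?id=2%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /index.php?id=3%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /cgi-bin/test.cgi?q=../../../../etc/passwd HTTP/1.1",
    "GET /cgi-bin/view.cgi?f=../../../../etc/passwd HTTP/1.1",
    "GET /cgi-bin/show.cgi?p=../../../../etc/passwd HTTP/1.1",
    "GET /robots.txt HTTP/1.1",
]

EDGE_THRESHOLD = 0.8     # similarity needed for an edge between two requests
MIN_CLUSTER_SIZE = 2     # clusters smaller than this produce no rule
MIN_SEGMENT_LEN = 3      # shorter shared segments are too generic to match on


def request_uri(line):
    """Percent-decoded request target of a request line; None if malformed."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[1].startswith("/"):
        return None
    return unquote(parts[1])


def similarity(a, b):
    return SequenceMatcher(None, a, b).ratio()


def cluster_by_graph(items, threshold):
    """Connected components of the graph whose edges join items with
    similarity >= threshold. A new item only adds edges; there is no
    centroid to recompute."""
    adj = defaultdict(set)
    for i in range(len(items)):
        for j in range(i + 1, len(items)):
            if similarity(items[i], items[j]) >= threshold:
                adj[i].add(j)
                adj[j].add(i)
    seen, components = set(), []
    for start in range(len(items)):
        if start in seen:
            continue
        stack, comp = [start], []
        seen.add(start)
        while stack:
            v = stack.pop()
            comp.append(v)
            for w in adj[v]:
                if w not in seen:
                    seen.add(w)
                    stack.append(w)
        components.append(sorted(comp))
    return components


def longest_common_substring(strings):
    base = min(strings, key=len)
    best = ""
    for i in range(len(base)):
        # j counts down, so the first hit is the longest candidate at i
        for j in range(len(base), i + len(best), -1):
            cand = base[i:j]
            if all(cand in s for s in strings):
                best = cand
                break
    return best


def invariant_segments(strings, min_len=MIN_SEGMENT_LEN):
    """Ordered substrings shared by every string: the longest common
    substring, then recursively the parts to its left and to its right."""
    core = longest_common_substring(strings)
    if len(core) < min_len:
        return []
    lefts = [s[: s.index(core)] for s in strings]
    rights = [s[s.index(core) + len(core):] for s in strings]
    return invariant_segments(lefts, min_len) + [core] + invariant_segments(rights, min_len)


def snort_escape(s):
    return "".join("\\" + c if c in '"\\;|' else c for c in s)


def snort_rule(segments, sid, msg):
    """One content match per shared segment, each anchored after the previous."""
    contents = []
    for k, seg in enumerate(segments):
        rel = " distance:0;" if k else ""
        contents.append(f'content:"{snort_escape(seg)}"; http_uri;{rel}')
    return (f'alert tcp any any -> $HOME_NET 80 (msg:"{msg}"; '
            f'flow:to_server,established; {" ".join(contents)} '
            f'classtype:web-application-attack; sid:{sid}; rev:1;)')


def generate_rules(log_lines, edge_threshold=EDGE_THRESHOLD,
                   min_cluster_size=MIN_CLUSTER_SIZE, sid_base=1000000):
    """Returns (segments, rule) pairs, one per cluster that passes both thresholds."""
    uris = [u for u in (request_uri(l) for l in log_lines) if u is not None]
    rules = []
    for comp in cluster_by_graph(uris, edge_threshold):
        if len(comp) < min_cluster_size:
            continue
        segments = invariant_segments([uris[i] for i in comp])
        if not segments:
            continue
        sid = sid_base + len(rules) + 1
        rules.append((segments, snort_rule(segments, sid, f"Honeypot-derived HTTP pattern {sid}")))
    return rules


if __name__ == "__main__":
    for _, rule in generate_rules(SAMPLE_LOG):
        print(rule)
```

On the constructed log this yields two rules: one matching `/index.php?id=` followed by `' OR '1'='1`, and one matching `/cgi-bin/`, `.cgi?` and `=../../../../etc/passwd` in order; the lone `/robots.txt` request forms a singleton cluster and is dropped by the size threshold. The two knobs show the trade-off the abstract mentions: lowering the edge threshold merges unrelated requests and produces shorter, more generic shared segments, while raising the minimum cluster size produces fewer rules. Decoding the URI before clustering is the preprocessing step here; without it, the same attack encoded two different ways lands in two clusters.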