Journal: International Journal on Computer Science and Engineering
Print ISSN: 2229-5631
Electronic ISSN: 0975-3397
Year: 2012
Volume: 4
Issue: 03
Pages: 348-355
Publisher: Engg Journals Publications
Abstract: Byte sequences are used in multiple network intrusion detection systems (NIDS) as signatures to detect nasty activity. Though being highly competent, a high false-positive rate is found. Here we suggest the concept of contextual signatures as an enhancement to string-based signature matching. Instead of matching isolated fixed strings, we enhance the matching process with added context. While designing a proficient signature engine for the NIDS, we provide a low-level perspective by using regular expressions for matching, and a high-level perspective by taking advantage of the semantic information made available by protocol analysis and a scripting language. Thereafter, we greatly augment the signature's articulateness and hence the ability to reduce false positives. Multiple examples are presented, such as matching requests with replies, using environmental knowledge, defining dependencies between signatures to model step-wise attacks, and recognizing exploit scans.