Pattern matching is a crucial factor in efficient intrusion detection. However, Network Intrusion Detection Systems (NIDSs) frequently ignore the data semantics of captured packets and have to consider whole payloads, which leads to false positives when attack signatures are found in incorrect positions. NIDSs therefore have to inspect packet contents in order to determine how application-layer protocols are used. We propose a combination of pattern matching and protocol analysis to better detect intrusions. The first detection method relies on a multi-pattern matching algorithm, while the second uses a decision tree to select the efficient test at each analysis step.