Efficient decision tree for protocol analysis in intrusion detection

Authors:
T. Abbes;A. Bouhoula;M. Rusinowitch
Affiliations:
Higher Institute of Electronics and Telecommunication of Sfax, University of Sfax, Tunisia, Route Menzel Chaker, Sfax 3000, Tunisia.;Higher School of Communication of Tunis (Sup;Com), University of 7th November at Carthage, Tunisia, City of Communication Technologies 2083 – ARIANA.
Venue:
International Journal of Security and Networks
Year:
2010

Citing 12
Cited 5

Text algorithms

Text algorithms
A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Service specific anomaly detection for network intrusion detection

Proceedings of the 2002 ACM symposium on Applied computing
DNS and BIND

DNS and BIND
Induction of Decision Trees

Machine Learning
Fast Content-Based Packet Handling for Intrusion Detection

Fast Content-Based Packet Handling for Intrusion Detection
Enhancing byte-level network intrusion detection signatures with context

Proceedings of the 10th ACM conference on Computer and communications security
Introduction to Data Mining, (First Edition)

Introduction to Data Mining, (First Edition)
Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Dynamic application-layer protocol analysis for network intrusion detection

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Research of NIDS in IPV6 Based on Protocol Analysis and Pattern Matching

WKDD '09 Proceedings of the 2009 Second International Workshop on Knowledge Discovery and Data Mining

Wireless telemedicine and m-health: technologies, applications and research issues

International Journal of Sensor Networks
Online internet intrusion detection based on flow statistical characteristics

KSEM'11 Proceedings of the 5th international conference on Knowledge Science, Engineering and Management
A survey of security visualization for computer network logs

Security and Communication Networks
A survey of cyber crimes

Security and Communication Networks
Accountability and Q-Accountable Logging in Wireless Networks

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Pattern matching is a crucial factor for deriving efficient intrusion detection. However Network Intrusion Detection Systems (NIDSs) frequently ignore data semantics of captured packets and have to consider the whole payloads leading to false positives if attacks signatures are found in incorrect positions. Therefore NIDSs have to investigate in packets contents in order to determine how application layer protocols are used. We propose a combination of pattern matching and protocol analysis to better detect intrusions. While the first detection method relies on a multi-pattern matching algorithm, the second one benefits from a decision tree to select in each analysis step, the efficient test.