Journal article
Rule Generalisation in Intrusion Detection Systems using Snort
Uwe Aickelin, Jamie Twycross, Thomas Hesketh-Roberts
International Journal of Electronic Security and Digital Forensics | Inderscience Publishers | Published : 2007
Abstract
Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS’s responsibility is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. The majority of IDSs use a set of signatures that define what suspicious traffic is, and SNORT is one popular and actively developing open-source IDS that uses such a set of signatures known as SNORT rules. Our aim is to identify a way in which SNORT could be developed further by generalising rules to identify novel attacks. In particular, we attempted to relax and vary the conditions and parameters of current SNORT rules, using a similar a..