An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments

Weizhi Meng, Wenjuan Li, Lam For Kwok

Research output: Chapter in book / Conference proceeding; Chapter in an edited book (as author); Academic research; peer-review

11 Citations (Scopus)

Abstract

Signature-based intrusion detection systems are among the most commonly used software for protecting computer networks; they work by comparing incoming traffic with stored signatures. However, the process of signature matching is a key challenge, in which the workload is generally at least linear in the size of a target string. To solve this problem, exclusive signature matching (ESM) has been proposed, based on the observation that most network packets would not match any IDS signatures. But schemes of this kind, such as the single character frequency-based ESM, have not been extensively evaluated. In this paper, our interest is to verify the observation above and to evaluate the single character frequency-based ESM in regular networks and hostile environments respectively. In the hostile experiment, we specifically design two malicious situations to test the scheme's performance. The experimental results show that the single character frequency-based ESM works fine in a regular network, but its performance would be greatly decreased in a hostile environment.

Original language: English
Title of host publication: Information Security - 17th International Conference, ISC 2014, Proceedings
Editors: Sherman S.M. Chow, Jan Camenisch, Lucas C.K. Hui, Siu Ming Yiu
Publisher: Springer Verlag
Pages: 465-476
Number of pages: 12
ISBN (Electronic): 9783319132563
Publication status: Published - 2014
Externally published: Yes

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8783
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Keywords

  • Exclusive Signature Matching
  • Intrusion Detection
  • Network Security
  • Performance Evaluation
  • Single Character Frequency

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
