@inbook{1903dd3fb73a4a82aff8db1b4f2c15f2,
title = "An evaluation of single character frequency-based exclusive signature matching in distinct IDS environments",
abstract = "The signature-based intrusion detection systems are one of the most commonly used software to protect computer networks by comparing incoming traffic with stored signatures. However, the process of signature matching is a key challenge, in which the workload is generally at least linear to the size of a target string. To solve this problem, exclusive signature matching (ESM) has been proposed based on the observation that most network packets would not match any IDS signatures. But this kind of schemes like the single character frequency-based ESM has not been extensively evaluated. In this paper, our interests are to verify the observation above and evaluate the single character frequency-based ESM in regular networks and hostile environments respectively. In the hostile experiment, we specifically design two malicious situations to test the scheme performance. The experimental results show that the single character frequency-based ESM works fine in a regular network, but its performance would be greatly decreased in a hostile environment.",
keywords = "Exclusive Signature Matching, Intrusion Detection, Network Security, Performance Evaluation, Single Character Frequency",
author = "Weizhi Meng and Weizhi Meng and Wenjuan Li and Kwok, {Lam For}",
note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2014.",
year = "2014",
doi = "10.1007/978-3-319-13257-0_29",
language = "English",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "465--476",
editor = "Chow, {Sherman S.M.} and Jan Camenisch and Hui, {Lucas C.K.} and Yiu, {Siu Ming}",
booktitle = "Information Security - 17th International Conference, ISC 2014, Proceedings",
address = "Germany",
}