Survey on Updating IDSs’ Signatures Databases

Mutep Yahya Al-Yosef; Nabih T. Arar

doi:10.26735/16587790.2018.005

PDF

Published 30-05-2018

DOI https://doi.org/10.26735/16587790.2018.005

How to Cite

[1]

M. Y. Al-Yosef and N. T. Arar, “Survey on Updating IDSs’ Signatures Databases”, JISCR, vol. 1, no. 1, pp. 40-48, May 2018.

Download Citation

Mutep Yahya Al-Yosef

T Department, Saudi Civil Defense, Riyadh, Saudi Arabia.

Nabih T. Arar

Department of Network Security, College of Computer and Information Security, Naif Arab University for Security Sciences, Riyadh, Saudi Arabia.

Abstract

With the rapid development and growth of the internet and networking, greater numbers of attacks are arising that
threaten networks and information security alike. Thus, different types of intrusion detection systems (IDSs) have
been introduced: either signature-based IDSs, anomaly-based IDSs, or a hybrid of both. Many IDSs that have adopted
the signature-based method suffer from many challenges, one of these challenges is how to detect a new attack in the
incoming traffic that its signature doesn’t stored in the known signatures database, while at the same time keeping the rate
of false-positive alarms low. Many IDSs update their signatures databases from time to time through the internet or by
relying on the network administrator to manually update the database with new attack signatures. Manual updating is a
labour-intensive process, can be prone to errors, and is not always practical. This is a survey paper on the various studies
regarding the updating process for known IDSs’ signatures databases over time.