Survey on Updating IDSs’ Signatures Databases

Mutep Yahya Alyousef, Nabih T Arar

Abstract

With the rapid development and growth of the internet and networking, greater numbers of attacks are arising that threaten networks and information security alike. Thus, different types of intrusion detection systems (IDSs) have been introduced: signature-based IDSs, anomaly-based IDSs, or a hybrid of both. IDSs that have adopted the signature-based method face many challenges. One of these is how to detect a new attack in the incoming traffic whose signature is not stored in the database of known signatures, while at the same time keeping the rate of false-positive alarms low. Many IDSs update their signature databases from time to time through the internet or by relying on the network administrator to manually update the database with new attack signatures. Manual updating is a labour-intensive process, can be prone to errors, and is not always practical. This is a survey paper on the various studies regarding the updating process for known IDSs’ signature databases over time.


