A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Jaw, Ebrima; Wang, Xueming

doi:10.7717/peerj-cs.900

Cited by 9 publications

(3 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Snort rule generation method proposed by Jaw et al [17] does not use black-box methods such as machine learning, but focuses only on individual accesses and does not consider the variant perspective.…”

Section: Pattern Generation Methods For Application To Ips and Idsmentioning

confidence: 99%

Defense Mechanism to Generate IPS Rules from Honeypot Logs and Its Application to Log4Shell Attack and Its Variants

Yamamoto

Yamaguchi

2023

Electronics

View full text Add to dashboard Cite

The vulnerability of Apache Log4j, Log4Shell, is known for its widespread impact; many attacks that exploit Log4Shell use obfuscated attack patterns, and Log4Shell has revealed the importance of addressing such variants. However, there is no research which focuses on the response to variants. In this paper, we propose a defense system that can protect against variants as well as known attacks. The proposed defense system can be divided into three parts: honeypots, machine learning, and rule generation. Honeypots are used to collect data, which can be used to obtain information about the latest attacks. In machine learning, the data collected by honeypots are used to determine whether it is an attack or not. It generates rules that can be applied to an IPS (Intrusion Prevention System) to block access that is determined to be an attack. To investigate the effectiveness of this system, an experiment was conducted using test data collected by honeypots, with the conventional method using Suricata, an IPS, as a comparison. Experimental results show that the discrimination performance of the proposed method against variant attacks is about 50% higher than that of the conventional method, indicating that the proposed method is an effective method against variant attacks.

show abstract

Section: Pattern Generation Methods For Application To Ips and Idsmentioning

confidence: 99%

Defense Mechanism to Generate IPS Rules from Honeypot Logs and Its Application to Log4Shell Attack and Its Variants

Yamamoto

Yamaguchi

2023

Electronics

View full text Add to dashboard Cite

show abstract

“…emule is a popular file sharing application which is based on the eDonkey and Kademlia protocol [8].…”

Section: Background and Related Work 1 Backgroundmentioning

confidence: 99%

A New Approach to Detect P2p Traffic Based on Signatures Analysis

Mazri,

Mehdi

2024

RECIMA21

View full text Add to dashboard Cite

In recent years, peer-to-peer (P2P) networks have gained more popularity in the form of file-sharing applications, such as uTorrent and eMule, that use BitTorrent and eDonkey protocols. With such popularity comes security risks and external attacks; the latter is often associated with information hacking. In this paper, we will introduce a new way to monitor and detect the use of each of the P2P applications within the corporate network. Based on the inspection of traffic packets in order to extract digital signatures of these applications using the open-source packet analysis program "Wireshark," in addition to using the well-known Snort intrusion detection system (IDS) with a number of adequate and new rules, this solution can allow us to receive powerful warning messages that detect the presence of P2P applications inside the network. We implemented our rules in Snort IDS. Over a period of time, this solution allowed us to achieve 96% effectiveness in detecting the presence of P2P applications.

show abstract

“…Thus, it has a unique feature of high detection rate and accuracy. However, it cannot detect novel attacks and, at the same time, it requires expert knowledge to create and update rules frequently, which is both costly and faulty [18].…”

Section: Snort Stagementioning

confidence: 99%

Implementation of signature-based intrusion detection system using SNORT to prevent threats in network servers

2022

joscex

View full text Add to dashboard Cite

Security is an important factor in today's digital era. In a network, implementing a security system is the focus of a network developer. One of the most basic network securities is in the form of access. To manage the security of a system must be known in advance who is involved in the system and what activities are carried out. Just like a security alarm, which monitors work conditions, this is the function of the Intrusion Detection System (IDS). IDS has several effective methods for detecting threats, one of which is the Signature-based method. IDS can be implemented through the open-source SNORT application, and the method works with rules which are commands to IDS to recognize various attacks. IDS rules will be included in the signature matching process, which means matching between rules and incoming attacks and views of both protocols, then the IDS will generate alerts that contain notifications. This study conducted a reading of the MIT-DARPA 1999 dataset on 1,252,412 packages and tested alerting with Network Scanning and DoS attacks. Analyze Package Data runs at a speed of 83,494 packets /second and gets a true positive percentage reaching 100% and an accuracy of 98.10%.

show abstract

A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)

Cited by 9 publications

References 65 publications

Defense Mechanism to Generate IPS Rules from Honeypot Logs and Its Application to Log4Shell Attack and Its Variants

Defense Mechanism to Generate IPS Rules from Honeypot Logs and Its Application to Log4Shell Attack and Its Variants

A New Approach to Detect P2p Traffic Based on Signatures Analysis

Implementation of signature-based intrusion detection system using SNORT to prevent threats in network servers

Contact Info

Product

Resources

About