A Threat-Aware Signature Based Intrusion-Detection Approach for Obtaining Network-Specific Useful Alarms

Neelakantan, Subramanian; Rao, Shrisha

doi:10.1109/icimp.2008.24

Cited by 14 publications

(11 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The maximum range for the D function relies on the range of programme P, which is defined as SET {malicious, genial} [16].…”

Section: Approaches To Malware Detection and Analysismentioning

confidence: 99%

“…D detects the malware on the basis of the machine code, which stores the particulars, or the 'signature', of the malware. The investigation may yield one of three outcomes: false positive, false negative or the hit ratio [16].…”

Section: Approaches To Malware Detection and Analysismentioning

confidence: 99%

“…Polymorphic is the most common. As this type of malware hides its identity and source of generation, it becomes very hard for investigators to collect evidence against the plotter [16]. In basic malware, the source, or the 'initial point', of the programme is reformed, and complete control of the system is transmitted to the malicious payload.…”

Section: Signature-based Detection and Analysismentioning

confidence: 99%

“…Metamorphic malware is based on reprogramming, which modulates the characteristics of the parent programme. This produces a new signature for each child variant that is created at a later stage [16].…”

Section: Signature-based Detection and Analysismentioning

confidence: 99%

See 3 more Smart Citations

Optimised Malware Detection in Digital Forensics

Almarri¹,

Sant²

2014

IJNSA

View full text Add to dashboard Cite

show abstract

“…The maximum range for the D function relies on the range of programme P, which is defined as SET {malicious, genial} [16].…”

Section: Approaches To Malware Detection and Analysismentioning

confidence: 99%

Section: Approaches To Malware Detection and Analysismentioning

confidence: 99%

Section: Signature-based Detection and Analysismentioning

confidence: 99%

Section: Signature-based Detection and Analysismentioning

confidence: 99%

See 2 more Smart Citations

Optimised Malware Detection in Digital Forensics

Almarri¹,

Sant²

2014

IJNSA

View full text Add to dashboard Cite

show abstract

“…The security issues generally depend on traffic load, the size of network, security procedures implemented, etc. Neelakantan [20] stated that network intrusion detection systems must process lot of network data in a short time, these systems require a good deal of processing power, high random access memory (RAM) and large space to log information for any signature based intrusion detection systems. Simon Edwards [5] states that many deployments result in missed intrusions and network vulnerabilities.…”

Section: Host Network and Stegano Idsmentioning

confidence: 99%

Intrusion Detection Systems - Analysis and Containment of False Positives Alerts

Victor¹,

Rao²,

Venkaiah³

2010

IJCA

View full text Add to dashboard Cite

The dependence on information technology became critical and IT infrastructure, critical data, intangible intellectual property are vulnerable to threats and attacks. Organizations install Intrusion Detection Systems (IDS) to alert suspicious traffic or activity. IDS generate a large number of alerts and most of them are false positive as the behavior construe for partial attack pattern or lack of environment knowledge. Monitoring and identifying risky alerts is a major concern to security administrator. The present work is to design an operational model for minimization of false positive alarms, including recurring alarms by security administrator. The architecture, design and performance of model in minimization of false positives in IDS are explored and the experimental results are presented with reference to lab environment.

show abstract

A test of intrusion alert filtering based on network information

Sommestad

Franke

2015

Security Comm. Networks

View full text Add to dashboard Cite

Intrusion detection systems continue to be a promising security technology. The arguably biggest problem with today's intrusion detection systems is the sheer number of alerts they produce for events that are regarded as benign or non‐critical by system administrators. A plethora of more and less complex solutions has been proposed to filter the relevant (i.e., correct) alerts that signature‐based intrusion detection sensors produce. This paper reports on a test performed to test a number of filtering alternatives that take advantage of information about static properties of the monitored computer network, such as vulnerabilities and exposure of ports and hosts. The results show that none of the filters are able to maintain a high recall (portion of detected attacks) while increasing the precision (portion of relevant alerts). At most, precision increased from 1.4% to 2.9%, and this also resulted in a decrease in recall from 44% to 26%. Even when combined in an exploratory fashion, the filters fail to provide improved precision. It is concluded that filters based on static properties of the computer network do not result in clear improvements to alert lists produced by signature‐based intrusion detection systems. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

A Threat-Aware Signature Based Intrusion-Detection Approach for Obtaining Network-Specific Useful Alarms

Cited by 14 publications

References 5 publications

Optimised Malware Detection in Digital Forensics

Optimised Malware Detection in Digital Forensics

Intrusion Detection Systems - Analysis and Containment of False Positives Alerts

A test of intrusion alert filtering based on network information

Contact Info

Product

Resources

About