
A cloud-based architecture for network attack signature learning

Bibliographic Details
Main Authors: Hamdi, Omessaad, Mbaye, Maissa, Krief, Francine
Format: Conference Proceeding
Language: English
Description
Summary: An Intrusion Detection System (IDS) is an essential component of the network security infrastructure. It detects malicious activities by monitoring network traffic. There are two main classes of IDS: anomaly-based IDS and signature-based IDS. An important challenge for signature-based IDS is automating the writing of attack signatures from traffic logs, which can be very hard for a human administrator to do. In this paper, we propose a solution addressing this challenge. We propose a cloud-based signature learning service using Inductive Logic Programming (ILP). The learning service generates a rule describing properties that are shared by packets labelled as malicious and that do not cover normal packets. The system uses background knowledge composed of predicates used to describe network attack signatures. The cloud architecture of our IDS enables it to have specialized nodes. Preliminary experiments show that the proposed system is able to automatically reproduce SNORT signatures.
ISSN: 2157-4952
DOI: 10.1109/NTMS.2015.7266461