Please use this identifier to cite or link to this item: https://repository.cihe.edu.hk/jspui/handle/cihe/1291
DC Field | Value | Language
dc.contributor.author | Chan, Anthony Hing-Hung | en_US
dc.contributor.other | Barry, B. I. A. | -
dc.date.accessioned | 2021-08-13T09:13:19Z | -
dc.date.available | 2021-08-13T09:13:19Z | -
dc.date.issued | 2009 | -
dc.identifier.uri | https://repository.cihe.edu.hk/jspui/handle/cihe/1291 | -
dc.description.abstract | Signature-based intrusion detection systems (IDSs) have the advantages of a lower false alarm rate and lower resource usage compared to anomaly-based systems. However, they are susceptible to obfuscation, which attackers use to introduce new variants of the attacks stored in the database. Some of the disadvantages of signature-based IDSs can be attributed to the fact that they are mostly purely syntactic and ignore the semantics of the monitored systems. In this paper, we present the design and implementation of a signature database that assists a specification-based IDS in a converged environment. Our design is novel in that it considers the semantics of the monitored protocols alongside their syntax. Our protocol semantics awareness is based on the state transition analysis technique, which models intrusions at a high level using state transition diagrams. The signature database is hierarchically designed to ensure a balance between ease of use and fast retrieval in real time. The database prototype is tested against some implemented attacks and shows promising efficiency. | en_US
dc.language.iso | en | en_US
dc.publisher | Wiley | en_US
dc.relation.ispartof | Security and Communication Networks | en_US
dc.title | Syntax and semantics-based signature database for hybrid intrusion detection systems | en_US
dc.type | journal article | en_US
dc.identifier.doi | 10.1002/sec.77 | -
dc.contributor.affiliation | School of Computing and Information Sciences | en_US
dc.relation.issn | 1939-0122 | en_US
dc.description.volume | 2 | en_US
dc.description.issue | 6 | en_US
dc.description.startpage | 457 | en_US
dc.description.endpage | 475 | en_US
dc.cihe.affiliated | No | -
item.languageiso639-1 | en | -
item.fulltext | With Fulltext | -
item.openairetype | journal article | -
item.grantfulltext | open | -
item.openairecristype | http://purl.org/coar/resource_type/c_6501 | -
item.cerifentitytype | Publications | -
crisitem.author.dept | Yam Pak Charitable Foundation School of Computing and Information Sciences | -
crisitem.author.orcid | 0000-0001-7479-0787 | -
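The abstract contrasts purely syntactic signatures, which an attacker can evade by rewriting the payload, with signatures that follow the state transition analysis approach, where an intrusion is a path through protocol states. The following is an added illustration of that contrast, not code from the paper or its prototype: a small SIP-like event model, a "rogue BYE" attack (a session teardown for a dialog that was never established), a header-obfuscation variant using the compact "f:" form of the From header, and a protocol -> attack family -> signature hierarchy are all constructed here as assumptions about the general technique, not a description of the authors' database design.

```python
# Added illustration of state-transition (semantic) signatures beside a purely
# syntactic rule, with a small hierarchical signature store.  Not the paper's
# code; the SIP-like events, the attack, the obfuscation and the hierarchy are
# constructed for this example.
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Event:
    """One protocol message as the IDS decodes it (constructed)."""
    proto: str      # protocol name, e.g. "SIP"
    method: str     # request method or response code, e.g. "INVITE", "200"
    src: str        # source address
    dialog: str     # session / call identifier used to track state
    raw: str = ""   # raw message text, consulted only by syntactic rules


@dataclass
class Transition:
    src: str
    dst: str
    guard: Callable[[Event], bool]


@dataclass
class StateSignature:
    """Attack modelled as a path through protocol states (state transition analysis)."""
    name: str
    proto: str
    initial: str
    alarm: str
    transitions: List[Transition]

    def run(self, events: List[Event]) -> bool:
        states: Dict[str, str] = {}          # per-dialog current state
        for ev in events:
            if ev.proto != self.proto:
                continue
            state = states.get(ev.dialog, self.initial)
            for t in self.transitions:
                if t.src == state and t.guard(ev):
                    state = t.dst            # first matching transition wins
                    break
            states[ev.dialog] = state
            if state == self.alarm:
                return True
        return False


@dataclass
class SyntaxSignature:
    """Classic pattern rule: fires on the raw text of a single message."""
    name: str
    proto: str
    pattern: re.Pattern

    def run(self, events: List[Event]) -> bool:
        return any(ev.proto == self.proto and self.pattern.search(ev.raw) for ev in events)


class SignatureDB:
    """Hierarchy protocol -> attack family -> signatures: a trace is only checked
    against the rules of the protocols it actually contains (assumed layout)."""
    def __init__(self) -> None:
        self._tree: Dict[str, Dict[str, list]] = {}

    def add(self, family: str, sig) -> None:
        self._tree.setdefault(sig.proto, {}).setdefault(family, []).append(sig)

    def for_protocol(self, proto: str) -> list:
        return [s for fam in self._tree.get(proto, {}).values() for s in fam]

    def detect(self, events: List[Event]) -> List[str]:
        protos = sorted({e.proto for e in events})
        return sorted(sig.name for p in protos for sig in self.for_protocol(p) if sig.run(events))


def _is(method: str) -> Callable[[Event], bool]:
    return lambda ev: ev.method == method


def build_db() -> SignatureDB:
    # Semantic rule: a BYE for a dialog that never reached "established".
    normal = [Transition("idle", "inviting", _is("INVITE")),
              Transition("inviting", "answered", _is("200")),
              Transition("answered", "established", _is("ACK")),
              Transition("established", "closed", _is("BYE"))]
    rogue = [Transition(s, "alarm", _is("BYE")) for s in ("idle", "inviting", "answered")]
    semantic = StateSignature("SIP rogue BYE (state-based)", "SIP", "idle", "alarm", normal + rogue)
    # Syntactic rule written from the attack as first observed: a BYE whose
    # From header carries no ;tag parameter (constructed pattern).
    syntactic = SyntaxSignature("SIP rogue BYE (syntactic)", "SIP",
                                re.compile(r"^BYE .*\r\nFrom: <[^>]+>\r\n"))
    db = SignatureDB()
    db.add("session teardown", semantic)
    db.add("session teardown", syntactic)
    return db


def _bye(dialog: str, src: str, from_header: str) -> Event:
    raw = f"BYE sip:bob@pbx.example SIP/2.0\r\n{from_header}\r\nCall-ID: {dialog}\r\n\r\n"
    return Event("SIP", "BYE", src, dialog, raw)


# Constructed traces.  Dialog "c1" is a complete legitimate call.
LEGIT_CALL = [Event("SIP", "INVITE", "10.0.0.5", "c1", "INVITE sip:bob@pbx.example SIP/2.0\r\n"),
              Event("SIP", "200", "10.0.0.9", "c1", "SIP/2.0 200 OK\r\n"),
              Event("SIP", "ACK", "10.0.0.5", "c1", "ACK sip:bob@pbx.example SIP/2.0\r\n"),
              _bye("c1", "10.0.0.5", "From: <sip:alice@pbx.example>;tag=1928301774")]
# Attack as first seen: a BYE for a dialog the monitor never saw set up.
ORIGINAL_ATTACK = [_bye("c2", "198.51.100.7", "From: <sip:alice@pbx.example>")]
# Same attack with the RFC 3261 compact header form "f:", which defeats the regex.
OBFUSCATED_ATTACK = [_bye("c3", "198.51.100.7", "f: <sip:alice@pbx.example>")]
```

Running `build_db().detect(...)` on the three traces gives no hits for the legitimate call, both rules for the attack as first observed, and only the state-based rule for the obfuscated variant: the syntactic rule keyed on the literal header text misses the rewritten message, while the state signature alarms because the dialog never passed through INVITE, 200 and ACK before the BYE, whatever the bytes look like. The `for_protocol` lookup is the retrieval step the hierarchy buys: a non-SIP trace never touches these signatures.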
Appears in Collections:CIS Publication
Files in This Item:
File | Description | Size | Format
View Online | | 79 B | HTML
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.