Performance enhancement of a Malware Detection System using score-based prioritization of Snort rules

Snort is an open source Intrusion Detection System (IDS) that uses a rule-based (signature) approach to detect malware traffic, online attacks and attempts to exploit known vulnerabilities. The performance of a Malware Detection System (MDS) deployed in a large network depends on the number and type of rules stored in its rule database. As the number and variety of attacks grow, more rules are appended to the MDS database, and the size of the rule database itself becomes the bottleneck in MDS performance, since every packet must be matched against the full rule set. This paper proposes a rule-scoring mechanism for prioritizing Snort rules so as to reduce the number of rules kept active in the MDS database. Each rule is assigned a total score, a threshold is computed over the scored rule set, and only those rules whose total score exceeds the threshold are retained. The results show that the performance of the MDS improves markedly with the pruned rule set.
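The following is an added example, not code from the paper, showing the shape of the score-then-prune pipeline the abstract describes: parse a Snort rule file, score each rule, compute a threshold over the scores and retain only rules above it. The paper does not state its scoring criteria or how the threshold is computed in the abstract, so the weights (rule priority, presence of a `content` match, and observed alert frequency), the default priority of 3 for rules without one, and the use of the mean score as the threshold are all assumptions made for this example; the sample rules and hit counts are constructed here and are not from any shipped ruleset.

```python
"""Score-based pruning of Snort rules (illustrative example, not the paper's code)."""
import re
import statistics
from dataclasses import dataclass
from math import log1p

# Constructed sample rules (assumed input; sids are in the local 1000000+ range).
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SMB exploit attempt"; flow:to_server,established; content:"|FF|SMB"; priority:1; classtype:attempted-admin; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"Web scanner UA"; content:"Nikto"; http_header; priority:3; classtype:web-application-activity; sid:1000002; rev:2;)
alert icmp any any -> $HOME_NET any (msg:"ICMP echo"; itype:8; priority:4; classtype:misc-activity; sid:1000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force"; flow:to_server; content:"SSH-"; threshold:type both,track by_src,count 5,seconds 60; priority:2; classtype:attempted-recon; sid:1000004; rev:3;)
# comment lines and blank lines are skipped by the parser
alert udp any any -> $HOME_NET 53 (msg:"DNS tunnelling heuristic"; priority:2; classtype:policy-violation; sid:1000005; rev:1;)
"""

# Constructed alert counts per sid over an observation window (assumed input).
SAMPLE_HITS = {1000001: 12, 1000002: 40, 1000003: 900, 1000004: 3, 1000005: 0}

# Assumed scoring weights: higher-priority rules, rules with a content match
# (cheap fast-pattern matching), and rules that actually fire score higher.
DEFAULT_WEIGHTS = {"priority": 2.0, "content": 3.0, "hits": 1.0}
DEFAULT_PRIORITY = 3  # assumed default when a rule carries no priority option

# Rule header: action proto src sport direction dst dport, then the option body.
RULE_RE = re.compile(
    r"^(alert|log|pass|drop|reject|sdrop)\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s+\((.*)\)\s*$"
)


@dataclass
class Rule:
    text: str
    sid: int
    priority: int
    has_content: bool
    hits: int = 0
    score: float = 0.0


def parse_rules(text: str) -> list[Rule]:
    """Parse one-rule-per-line Snort syntax; skips comments, blanks and rules without a sid."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        opts = m.group(2)
        sid_m = re.search(r"\bsid:\s*(\d+)\s*;", opts)
        if not sid_m:
            continue
        pri_m = re.search(r"\bpriority:\s*(\d+)\s*;", opts)
        priority = int(pri_m.group(1)) if pri_m else DEFAULT_PRIORITY
        has_content = re.search(r"\bcontent:", opts) is not None
        rules.append(Rule(line, int(sid_m.group(1)), priority, has_content))
    return rules


def score_rule(rule: Rule, weights: dict = DEFAULT_WEIGHTS) -> float:
    """Total score: Snort priority 1 is most severe, so invert it; log-scale the hit count."""
    return (
        weights["priority"] * (5 - rule.priority)
        + weights["content"] * (1.0 if rule.has_content else 0.0)
        + weights["hits"] * log1p(rule.hits)
    )


def compute_threshold(scores: list[float]) -> float:
    """Assumed threshold: the mean score of the rule set (0 for an empty set)."""
    return statistics.fmean(scores) if scores else 0.0


def prune_rules(rule_text: str, hits: dict) -> tuple[list[Rule], list[Rule], float]:
    """Return (retained, dropped, threshold); only rules scoring above the threshold are kept."""
    rules = parse_rules(rule_text)
    for r in rules:
        r.hits = hits.get(r.sid, 0)
        r.score = score_rule(r)
    threshold = compute_threshold([r.score for r in rules])
    kept = [r for r in rules if r.score > threshold]
    dropped = [r for r in rules if r.score <= threshold]
    return kept, dropped, threshold


if __name__ == "__main__":
    kept, dropped, thr = prune_rules(SAMPLE_RULES, SAMPLE_HITS)
    print(f"threshold = {thr:.2f}")
    for r in kept:
        print(f"KEEP sid:{r.sid} score={r.score:.2f}")
    for r in dropped:
        print(f"DROP sid:{r.sid} score={r.score:.2f}")
```

The function deliberately returns the dropped rules as well as the retained ones: pruning trades detection coverage for matching speed, so an operator should review what is being disabled (here the ICMP echo and DNS heuristic rules) rather than silently losing it, and re-score periodically as hit counts change.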
