论文信息 - Automatic Generation of Domain Specific Customized Signatures for an Enterprise Intrusion Detection System Based on Sentimental Analysis

Automatic Generation of Domain Specific Customized Signatures for an Enterprise Intrusion Detection System Based on Sentimental Analysis

IDS is a powerful tool in monitoring intruders. It detects the intruders based on pre defined patterns known as signatures. But in the context of an enterprise, a single IDS for the whole organization may not function effectively as there will be several business units (domains) such as HR, Finance, Marketing etc. Each business unit will have its own set of activities, business rules and security requirements. It should be possible for the personnel in these enterprise business units to enter their own security business rules. Since many of these personnel do not have expertise in writing signature to IDS, it would be convenient for them to specify the rules in Natural Language statements like English. These natural language statements should be converted to IDS signatures and are supposed to be added to signature database. In this paper, we have provided an interface to enter rules in natural language. Using Sentimental Analysis technique, we processed the natural language statements for conversion to IDS signatures. The converted signatures are added to corresponding business domain signature database. These domain specific customized signatures will certainly enhance the security of an enterprise.

Sudheer Kumar Battula | K. V. S. N. Rama Rao

[1] Herbert Bos,et al. Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation , 2006, EuroSys.

[2] Somesh Jha,et al. An architecture for generating semantics-aware signatures , 2005 .

[3] Robert Koch. Towards next-generation Intrusion Detection , 2011, 2011 3rd International Conference on Cyber Conflict.

[4] Fabrício Benevenuto,et al. Comparing and combining sentiment analysis methods , 2013, COSN '13.

[5] Ying Chen,et al. Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes , 2007, IEEE Transactions on Dependable and Secure Computing.

[6] Salvatore J. Stolfo,et al. Anomalous Payload-Based Worm Detection and Signature Generation , 2005, RAID.

[7] Yuval Elovici,et al. F-Sign: Automatic, Function-Based Signature Generation for Malware , 2011, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[8] James Newsome,et al. Polygraph: automatically generating signatures for polymorphic worms , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[9] Carlos García Garino,et al. Automatic network intrusion detection: Current techniques and open issues , 2012, Comput. Electr. Eng..

[10] Manas Ranjan Patra,et al. A High Level Service Oriented Architectural Design for Building Intrusion Detection Systems , 2010 .