Journal: Computers & Security

EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism

Abstract

Signature-based network intrusion detection systems (NIDSs) have been widely deployed in current network security infrastructure. However, these detection systems suffer from some limitations such as network packet overload, expensive signature matching and massive false alarms in a large-scale network environment. In this paper, we aim to develop an enhanced filter mechanism (named EFM) to comprehensively mitigate these issues, which consists of three major components: a context-aware blacklist-based packet filter, an exclusive signature matching component and a KNN-based false alarm filter. The experiments, which were conducted with two data sets and in a network environment, demonstrate that our proposed EFM can overall enhance the performance of a signature-based NIDS such as Snort in the aspects of packet filtration, signature matching improvement and false alarm reduction without affecting network security.