Data Management

A New Two-Stage Search Procedure for Misuse Detection

Download Now Free registration required

Executive Summary

A new two-stage indexless search procedure is presented that makes use of the constrained edit distance in IDS misuse detection attack database search. The procedure consists of a pre-selection phase, in which the original dataset is reduced and the exhaustive search phase for the database records selected in the first phase. The maximum number of consecutive deletions represents the constraint. Besides eliminating the need for finer exhaustive search in the attack database records in which the detected subsequence is too distorted, the new search procedure also enables better control over the search process in the case of deliberate distortion of the attack strings.

  • Format: PDF
  • Size: 194.64 KB