Classification and Discovery of Rule Misconfigurations in Intrusion Detection and Response Devices

Executive Summary

Signature-based intrusion detection is one of the most commonly used techniques in modern Intrusion Detection Systems (IDS). Because it relies on a set of rules, i.e., attack signatures, the accuracy and reliability of IDS detection depend heavily on the quality of the rule set employed. In this context, any conflicts that arise between rules create ambiguity in the classification of network traffic or host events, not only affecting the performance of the IDS but also putting the system in a vulnerable position. Existing techniques for conflict detection focus primarily on the security policies of network devices: IPSec, routers, and firewalls.

  • Format: PDF
  • Size: 118.5 KB