Managing Intrusion Detection Rule Sets

Executive Summary

The prevalent use of the signature-based approach in modern Intrusion Detection Systems (IDS) emphasizes the importance of the efficient management of the employed signature sets. With the constant discovery of new threats and vulnerabilities, the complexity and size of signature sets reach the point where the manual management of rules becomes a challenging (if not impossible) task for the system administrators. While the automated support of signature management is desirable, the main difficulty that arises in this context is the diversity in syntactical representations of signatures generally allowed in IDS. In this paper, the authors focus on the automated approach to signature management. Specifically, they propose a model for signature analysis that brings out the semantic inconsistencies in the IDS rule sets.

  • Format: PDF
  • Size: 169.02 KB