Title

Anomaly payload signature generation system based on efficient tokenization methodology

Document Type

Article

Source of Publication

International Journal on Communications Antenna and Propagation

Publication Date

10-1-2018

Abstract

© 2018 Praise Worthy Prize S.r.l. All rights reserved. Signature-based intrusion detection systems are widely used as an efficient network security control. Unfortunately, security experts manually craft attack signatures after capturing and analyzing the exploit code. Therefore, those systems are only able to detect known attacks. In this paper, we propose a new automated and content-based signature generation system that generates anomaly profiles to detect new and previously unknown attacks and worms. The proposed system, denoted SCANS, uses a natural tokenization method that speeds up the signature generation process by producing a fewer number of substrings. In this system, we propose a new stop character technique that will help to overcome signatures’ substrings granularity limitations of the old stop word techniques. In addition, SCANS introduces an improved normalized binary detection model specifically tailored for attacks detection. Experimental testing using DARPA IDS dataset shows a 95% malicious packets detection rate for port 23, with specificity of 88.4% and 94.6% for ports 21 and 25, respectively.

ISSN

2039-5086

Publisher

Praise Worthy Prize S.r.l

Volume

8

Issue

5

First Page

421

Last Page

429

Disciplines

Computer Sciences

Keywords

Anomaly detection, Natural tokenization, Signature generation

Scopus ID

85061724678

Indexed in Scopus

yes

Open Access

no

Share

COinS