Anomaly payload signature generation system based on efficient tokenization methodology
Document Type
Article
Source of Publication
International Journal on Communications Antenna and Propagation
Publication Date
10-1-2018
Abstract
© 2018 Praise Worthy Prize S.r.l. All rights reserved. Signature-based intrusion detection systems are widely used as an efficient network security control. Unfortunately, security experts manually craft attack signatures after capturing and analyzing the exploit code. Therefore, those systems are only able to detect known attacks. In this paper, we propose a new automated and content-based signature generation system that generates anomaly profiles to detect new and previously unknown attacks and worms. The proposed system, denoted SCANS, uses a natural tokenization method that speeds up the signature generation process by producing fewer substrings. In this system, we propose a new stop character technique that helps to overcome the signature substring granularity limitations of the old stop word techniques. In addition, SCANS introduces an improved normalized binary detection model specifically tailored for attack detection. Experimental testing using the DARPA IDS dataset shows a 95% malicious packet detection rate for port 23, with specificity of 88.4% and 94.6% for ports 21 and 25, respectively.
Publisher
Praise Worthy Prize S.r.l.
Volume
8
Issue
5
First Page
421
Last Page
429
Disciplines
Computer Sciences
Keywords
Anomaly detection, Natural tokenization, Signature generation
Recommended Citation
Aldwairi, Monther; Mardini, Wail; and Alhowaide, Alaa, "Anomaly payload signature generation system based on efficient tokenization methodology" (2018). All Works. 510.
https://zuscholars.zu.ac.ae/works/510
Indexed in Scopus
yes
Open Access
no