Characterizing realistic signature-based intrusion detection benchmarks

Document Type

Conference Proceeding

Source of Publication

ACM International Conference Proceeding Series

Publication Date

12-29-2018

Abstract

© 2018 Association for Computing Machinery. Speeding up pattern matching for intrusion detection systems has been a growing field of research. There has been an influx of new algorithms, modifications to existing algorithms, and even hardware architectures aimed at improving pattern matching performance. Establishing an accurate comparison to related work is a real challenge because researchers use different datasets and metrics to evaluate their work. The purpose of this paper is to characterize and identify realistic workloads, propose standard benchmarks, and establish common metrics to better compare work in the area of pattern matching for intrusion detection. We collect traffic traces and attack signatures from popular open source platforms. The datasets are processed, cleansed, and studied to give researchers a better understanding of their characteristics. The final datasets, along with detailed information about their origins, contents, features, statistical analysis, and performance evaluation using well-known pattern-matching algorithms, are available to the public. In addition, we provide a generic parser capable of parsing the rule formats of different intrusion detection systems and extracting attack signatures. Finally, we provide a pattern-matching engine that enables researchers to plug and play their new pattern matching algorithms and compare them to existing algorithms using the predefined metrics.

ISBN

9781450366298

Publisher

Association for Computing Machinery

First Page

97

Last Page

103

Disciplines

Computer Sciences

Keywords

Attack signatures, Benchmarks, Intrusion detection, Pattern matching, Traffic traces

Scopus ID

85062914983

Indexed in Scopus

yes

Open Access

no
