IDS rule management made easy
2016 (English). In: Electronics, Computers and Artificial Intelligence (ECAI), 2016 8th International Conference on, IEEE conference proceedings, 2016. Conference paper (Refereed)
Signature-based intrusion detection systems (IDSs) are commonly utilized in enterprise networks to detect and possibly block a wide variety of attacks. Their application in industrial control systems (ICSs) is also growing rapidly as modern ICSs increasingly use open standard protocols instead of proprietary ones. Due to an ever-changing threat landscape, the rulesets used by these IDSs have grown large and there is no way to verify their precision or accuracy. Such broad and non-optimized rulesets lead to false positives and an unnecessary burden on the IDS, resulting in possible degradation of the security. This work proposes a methodology consisting of a set of tools to help optimize the IDS rulesets and make rule management easier. The work also provides attack traffic data that is expected to benefit the task of IDS assessment.
Place, publisher, year, edition, pages
IEEE conference proceedings, 2016.
Identifiers
URN: urn:nbn:se:kau:diva-48016
DOI: 10.1109/ECAI.2016.7861119
ISBN: 978-1-5090-2048-5 (print)
OAI: oai:DiVA.org:kau-48016
DiVA: diva2:1076856
8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 30 June-2 July 2016, Ploiesti, Romania