Publication: An IDS rule redundancy verification
Issued Date
2020-11-04
Other identifier(s)
2-s2.0-85098514714
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
JCSSE 2020 - 17th International Joint Conference on Computer Science and Software Engineering. (2020), 110-115
Suggested Citation
Piyawat Noiprasong, Assadarat Khurat An IDS rule redundancy verification. JCSSE 2020 - 17th International Joint Conference on Computer Science and Software Engineering. (2020), 110-115. doi:10.1109/JCSSE49651.2020.9268269 Retrieved from: https://repository.li.mahidol.ac.th/handle/123456789/60908
Title
An IDS rule redundancy verification
Abstract
Copyright © JCSSE 2020 - 17th International Joint Conf. on Computer Science and Software Engineering. An Intrusion Detection System (IDS) is network security software or hardware widely used to detect anomalous network traffic by comparing that traffic against rules specified beforehand. Snort is one of the best-known open-source IDSs. The Snort manual specifies the structure and values used to write a rule, and this specification is expressive enough that the same meaning can be written in several different ways. Redundant rules can degrade performance. We therefore propose a proof of semantic issues for Snort rules and found four pairs of Snort rule combinations that can cause redundancy. In addition, we created a tool to verify such redundancy between two rules and ran it on the public rulesets from the Snort community and Emerging Threats. Our tests found several redundancy issues in the public rulesets when the user enables commented-out rules.
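As an added example (not the paper's tool, and not the four rule combinations the abstract mentions but does not list), the following Python script shows the kind of pairwise check the abstract describes: it parses Snort rules, normalises features that can legitimately be written in more than one way, and reports a rule as redundant when another rule matches a superset of its traffic with identical detection options. Commented-out rules (leading `#`) are parsed as well, since the abstract notes that enabling them exposes redundancy. The equivalences it handles (metadata-only differences such as `msg`/`sid`/`rev`, port list and range notation, bidirectional `<>` headers, hex versus ASCII `content`, and `nocase`), the `$HOME_NET` handling, and the sample rules are this example's own assumptions.

```python
"""Redundancy check between Snort rules written in different ways. Added
example, not the paper's tool: the equivalences normalised here are this
example's own assumptions, not the paper's four combinations."""
import re
from collections import namedtuple

HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$", re.S)
OPT_RE = re.compile(r'\s*(\w+)\s*(?::\s*((?:"(?:[^"\\]|\\.)*"|[^;"])*))?;')
# Options that document a rule but never change which packets it matches.
META_OPTS = {"msg", "sid", "rev", "gid", "reference", "classtype", "priority", "metadata"}
Rule = namedtuple("Rule", "action proto flows detection sid")  # flows: (src, sports, dst, dports)

def parse_ports(spec):
    """Canonical ports: 'any' -> (0, 65535); lists and ranges merged into disjoint
    sorted ranges; variables ($HTTP_PORTS) and negations stay opaque tokens."""
    spec = spec.strip()
    if spec == "any":
        return ((0, 65535),)
    if spec[0] in "$!":
        return (spec,)
    ranges = []
    for item in spec.strip("[]").split(","):
        lo, sep, hi = item.strip().partition(":")
        lo = int(lo) if lo else 0
        ranges.append((lo, int(hi) if hi else (65535 if sep else lo)))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return tuple(merged)

def ports_covered(a, b):
    """True when every port of a lies inside some range of b."""
    if isinstance(a[0], str) or isinstance(b[0], str):
        return a == b
    return all(any(blo <= lo and hi <= bhi for blo, bhi in b) for lo, hi in a)

def content_bytes(val):
    """Decode a content value so "AB" and "|41 42|" compare equal (no escapes)."""
    neg, body = val.startswith("!"), val.lstrip("!").strip().strip('"')
    out, i = bytearray(), 0
    while i < len(body):
        if body[i] == "|":                    # |hex hex| segment
            j = body.index("|", i + 1)
            out += bytes.fromhex(body[i + 1:j])
            i = j + 1
        else:
            out.append(ord(body[i]))
            i += 1
    return neg, bytes(out)

def parse_rule(line):
    """Parse one rule; a leading '#' (a commented-out rule) is accepted."""
    m = HEADER_RE.match(line.strip().lstrip("#").strip())
    if not m:
        raise ValueError("not a Snort rule: " + line)
    action, proto, src, sp, direction, dst, dp, body = m.groups()
    flows = [(src.lower(), parse_ports(sp), dst.lower(), parse_ports(dp))]
    if direction == "<>":                     # bidirectional = two directed flows
        flows.append((dst.lower(), parse_ports(dp), src.lower(), parse_ports(sp)))
    detection, sid = [], None
    # OPT_RE splits the option body on ';' only outside double quotes.
    for key, val in ((k.lower(), v.strip()) for k, v in OPT_RE.findall(body)):
        if key == "sid":
            sid = val
        if key in META_OPTS:
            continue
        if key == "content":
            val = content_bytes(val)
        elif key == "nocase" and detection and detection[-1][0] == "content":
            neg, data = detection[-1][1]      # nocase binds to the preceding content
            detection[-1] = ("content", (neg, data.lower()))
        detection.append((key, val))
    return Rule(action.lower(), proto.lower(), tuple(flows), tuple(detection), sid)

def is_redundant(a, b):
    """True if b matches every packet a matches, with identical detection logic."""
    if (a.action, a.proto, a.detection) != (b.action, b.proto, b.detection):
        return False
    return all(any(s == bs and d == bd and ports_covered(sp, bsp) and ports_covered(dp, bdp)
                   for bs, bsp, bd, bdp in b.flows) for s, sp, d, dp in a.flows)

def find_redundant(lines):
    """(sid_a, sid_b) pairs where rule a adds nothing beyond rule b."""
    rules = [parse_rule(l) for l in lines if l.strip()]
    return [(a.sid, b.sid) for a in rules for b in rules if a is not b and is_redundant(a, b)]

# Constructed sample rules (not from any real ruleset); the second is commented out.
SAMPLE_RULES = [
    'alert tcp any any -> $HOME_NET [80,443] (msg:"ex 1"; content:"GET /admin"; nocase; sid:1000001; rev:1;)',
    '# alert tcp any any -> $HOME_NET [443,80] (msg:"ex 1 copy"; content:"|47 45 54| /ADMIN"; nocase; sid:1000002; rev:3;)',
    'alert tcp any any -> $HOME_NET 1:1024 (msg:"wider ports"; content:"GET /admin"; nocase; sid:1000003; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"other content"; content:"POST /admin"; sid:1000004; rev:1;)',
    'alert udp $HOME_NET any <> any 53 (msg:"bidirectional"; content:"|00 01|"; sid:1000005; rev:1;)',
    'alert udp any 53 -> $HOME_NET any (msg:"one direction"; content:"|00 01|"; sid:1000006; rev:1;)',
]
```

Calling `find_redundant(SAMPLE_RULES)` reports sid 1000001 and the commented-out 1000002 as redundant with each other (same rule, different port order and hex spelling), both as covered by 1000003 (wider port range, same content), and the one-way 1000006 as covered by the bidirectional 1000005. Redundancy here is directional: the wider rule is not redundant given the narrower one. IP fields are compared textually, so variable expansion and CIDR containment are deliberately out of scope.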