Protocol Analysis in Intrusion Detection Using Decision Tree

Tarek Abbes (1), Adel Bouhoula, Michaël Rusinowitch (1)
(1) CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies, INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Network-based intrusion detection systems are the most deployed IDS. They frequently rely on a signature-matching detection method and focus on the security of low-level network protocols. Because of the large number of false positives on the one hand, and the inability to detect some attack types on the other, IDS must devote more attention to the monitoring of application-level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptive to the network traffic characteristics.
Document type:
Conference paper
International Conference on Information Technology: Coding and Computing - ITCC'04, Apr 2004, Las Vegas, Nevada, USA, 1, pp.404--408, 2004

https://hal.inria.fr/inria-00100006
Contributor: Publications Loria
Submitted on: Tuesday, September 26, 2006 - 10:13:18
Last modified on: Thursday, February 15, 2018 - 08:48:09

Identifiers

  • HAL Id: inria-00100006, version 1

Citation

Tarek Abbes, Adel Bouhoula, Michaël Rusinowitch. Protocol Analysis in Intrusion Detection Using Decision Tree. International Conference on Information Technology: Coding and Computing - ITCC'04, Apr 2004, Las Vegas, Nevada, USA, 1, pp.404--408, 2004. 〈inria-00100006〉
