JCP 2013 Vol.8(12): 3280-3286 ISSN: 1796-203X
doi: 10.4304/jcp.8.12.3280-3286
doi: 10.4304/jcp.8.12.3280-3286
(WHASG) Automatic SNORT Signatures Generation by using Honeypot
Hesham Altwaijry, Khalid Shahbar
Department of Computer Engineering, College of Computer and Information Science, King Saud University
Abstract—An Intrusion detection system (IDS) is an important network security component that is used to monitor network traffic and detect attack attempts. A signature based intrusion detection system relies on a set of predefined signatures to detect an attack. Due to “zero-day” attacks (i.e. new unknown attacks) conventional IDS will not be able to detect these new attacks until the signatures are updated. Writing efficient new signatures to update the IDS signature database requires that the attack is first detected then studied and analyzed. These new rules should be general enough to include any modification of the attack pattern and specific so that normal traffic remains unblocked. Writing these signatures manually requires significant effort, time and knowledge to work properly. In this paper, a web based honeypot is used to generate SNORT intrusion detection system signatures (Rules) for HTTP traffic automatically. These new rules are integrated into the IDS signatures data base. We then verify the efficiency of the modified rules and show that the new rules are able to detect and block these attacks.
Index Terms—Automatic signatures generation, SNORT Rules, intrusion detection system, IDS, signature based.
Abstract—An Intrusion detection system (IDS) is an important network security component that is used to monitor network traffic and detect attack attempts. A signature based intrusion detection system relies on a set of predefined signatures to detect an attack. Due to “zero-day” attacks (i.e. new unknown attacks) conventional IDS will not be able to detect these new attacks until the signatures are updated. Writing efficient new signatures to update the IDS signature database requires that the attack is first detected then studied and analyzed. These new rules should be general enough to include any modification of the attack pattern and specific so that normal traffic remains unblocked. Writing these signatures manually requires significant effort, time and knowledge to work properly. In this paper, a web based honeypot is used to generate SNORT intrusion detection system signatures (Rules) for HTTP traffic automatically. These new rules are integrated into the IDS signatures data base. We then verify the efficiency of the modified rules and show that the new rules are able to detect and block these attacks.
Index Terms—Automatic signatures generation, SNORT Rules, intrusion detection system, IDS, signature based.
Cite: Hesham Altwaijry, Khalid Shahbar, "(WHASG) Automatic SNORT Signatures Generation by using Honeypot," Journal of Computers vol. 8, no. 11, pp. 3280-3286, 2013.
General Information
ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
-
Nov 14, 2019 News!
Vol 14, No 11 has been published with online version [Click]
-
Mar 20, 2020 News!
Vol 15, No 2 has been published with online version [Click]
-
Dec 16, 2019 News!
Vol 14, No 12 has been published with online version [Click]
-
Sep 16, 2019 News!
Vol 14, No 9 has been published with online version [Click]
-
Aug 16, 2019 News!
Vol 14, No 8 has been published with online version [Click]
- Read more>>