Volume 8 Number 12 (Dec. 2013)
JCP 2013 Vol.8(12): 3280-3286 ISSN: 1796-203X
doi: 10.4304/jcp.8.12.3280-3286

(WHASG) Automatic SNORT Signatures Generation by using Honeypot

Hesham Altwaijry, Khalid Shahbar
Department of Computer Engineering, College of Computer and Information Science, King Saud University
Abstract—An intrusion detection system (IDS) is an important network security component that is used to monitor network traffic and detect attack attempts. A signature-based intrusion detection system relies on a set of predefined signatures to detect an attack. Because of “zero-day” attacks (i.e., new unknown attacks), a conventional IDS will not be able to detect these new attacks until the signatures are updated. Writing efficient new signatures to update the IDS signature database requires that the attack is first detected, then studied and analyzed. These new rules should be general enough to include any modification of the attack pattern and specific enough that normal traffic remains unblocked. Writing these signatures manually so that they work properly requires significant effort, time and knowledge. In this paper, a web-based honeypot is used to generate SNORT intrusion detection system signatures (rules) for HTTP traffic automatically. These new rules are integrated into the IDS signature database. We then verify the efficiency of the modified rules and show that the new rules are able to detect and block these attacks.

Index Terms—Automatic signatures generation, SNORT Rules, intrusion detection system, IDS, signature based.


Cite: Hesham Altwaijry, Khalid Shahbar, "(WHASG) Automatic SNORT Signatures Generation by using Honeypot," Journal of Computers vol. 8, no. 11, pp. 3280-3286, 2013.
