The Development of an Enhanced Filter Mechanism Prototype for Signature-based Network Intrusion Detection Systems
Project: Research
Description
Signature-based network intrusion detection systems (NIDSs) have been widely deployed in current network infrastructure to defend against various network attacks. However, there are three major issues regarding these detection systems: 1) overhead network packets; 2) expensive signature matching; and 3) massive false alarms. These problems can greatly lower the effectiveness and efficiency of such detection systems in a network environment, especially in a large-scale network. For instance, the computational burden of signature matching is at least linear in the size of an incoming string.

In this project, with the purpose of mitigating the above issues, we attempt to develop an enhanced filter mechanism (named EFM), which consists of three major components: a context-aware list-based packet filter, an exclusive signature matching component and a machine-learning-based false alarm filter. This EFM will help reduce the burden on a signature-based NIDS and reduce false alarms, without affecting the architecture of such detection systems. In order to verify the effectiveness of such an EFM, we shall design and construct a prototype of the EFM so that experiments and validation tasks can be carried out.

Detail(s)
Project number | 6351018 |
---|---|
Grant type | ARD |
Status | Finished |
Effective start/end date | 1/09/13 → 16/10/14 |