ETRI-Knowledge Sharing Platform

Two-step Rule Estimation (TRE) - Intrusion Detection Method against Eluding NIDS
Authors
Byeong-Cheol Choi, Dong-II Seo, Sung-Won Soh
Issue Date
2004-02
Citation
International Conference on Advanced Communication Technology (ICACT) 2004, pp.504-507
Publisher
IEEE
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1109/ICACT.2004.1292920
Abstract
In this paper, we propose a TRE (Two-step Rule Estimation) method that can avoid eluding attacks of NIDS (Network-based Intrusion Detection System). Many existing NIDS have used a rule-based pattern-matching method, that is, an expert system. However, this method is very vulnerable to insertion and evasion attacks. The TRE method proposed in this paper consists of two processes: the first process involves a preprocessor that searches for the optimal rule similar to a captured packet, and the second process involves a main processor that achieves adaptive pattern matching. The TRE is designed to detect various kinds of eluding attacks and can decrease the miss-detection probability of the rule-based pattern matching that is usually used in NIDS.
KSP Keywords
An expert system, Detection Method, Detection probability, Evasion attacks, Intrusion detection system(IDS), Miss detection, Network-based intrusion detection system, Optimal rule, Rule-based, Two-Step, adaptive pattern