Abstract
An intrusion detection system (IDS) is a powerful tool for monitoring intruders. It detects intruders based on predefined patterns known as signatures. In an enterprise, however, a single IDS for the whole organization may not function effectively, because there are several business units (domains) such as HR, Finance and Marketing, each with its own set of activities, business rules and security requirements. Personnel in these business units should be able to enter their own security business rules. Since many of them do not have expertise in writing IDS signatures, it would be convenient for them to specify the rules as natural language statements, for example in English. These statements are then converted to IDS signatures and added to the signature database. In this paper, we provide an interface for entering rules in natural language. Using the Sentimental Analysis technique, we process the natural language statements for conversion to IDS signatures. The converted signatures are added to the corresponding business domain's signature database. These domain-specific customized signatures will certainly enhance the security of an enterprise.
Acknowledgments
We wish to acknowledge the funding for this research project (MRP-4567/14 (SERO/UGC)) from University Grants Commission-South Eastern Regional Office, Hyderabad under Minor Research Projects for the year 2013–2014.
Copyright information
© 2015 Springer India
About this paper
Cite this paper
Rama Rao, K.V.S.N., Battula, S.K. (2015). Automatic Generation of Domain Specific Customized Signatures for an Enterprise Intrusion Detection System Based on Sentimental Analysis. In: Mandal, J., Satapathy, S., Kumar Sanyal, M., Sarkar, P., Mukhopadhyay, A. (eds) Information Systems Design and Intelligent Applications. Advances in Intelligent Systems and Computing, vol 339. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2250-7_48
DOI: https://doi.org/10.1007/978-81-322-2250-7_48
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2249-1
Online ISBN: 978-81-322-2250-7
eBook Packages: Engineering, Engineering (R0)