Publicação

Using CLIPS to detect network intrusions

Ver documento

Detalhes bibliográficos
Resumo:This paper shows how to build a network intrusion detection system by slightly modifying NASA's CLIPS source code, introducing features such as single and multiple string pattern matching, certainty factors and time-stamp operators. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing to provide the basic requirements for such a system. The integration of CLIPS and Snort features allows the specification of complex stateful network intrusion detection heuristics which can model abstract attack scenarios. The results show that CLIPS can be useful to follow and correlate intruder activities by monitoring network traffic.
Autores principais:Alípio, Pedro
Outros Autores:Carvalho, Paulo; Neves, José
Assunto:Network intrusion NIDS CLIPS Snort Certainty factors Attack scenarios intrusion detection
Ano:2003
País:Portugal
Tipo de documento:capítulo de livro
Tipo de acesso:acesso aberto
Instituição associada:Universidade do Minho
Idioma:inglês
Origem:RepositóriUM - Universidade do Minho
Descrição
Resumo:This paper shows how to build a network intrusion detection system by slightly modifying NASA's CLIPS source code, introducing features such as single and multiple string pattern matching, certainty factors and time-stamp operators. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing to provide the basic requirements for such a system. The integration of CLIPS and Snort features allows the specification of complex stateful network intrusion detection heuristics which can model abstract attack scenarios. The results show that CLIPS can be useful to follow and correlate intruder activities by monitoring network traffic.