Publicação
Using CLIPS to detect network intrusions
| Resumo: | This paper shows how to build a network intrusion detection system by slightly modifying NASA's CLIPS source code, introducing features such as single and multiple string pattern matching, certainty factors and time-stamp operators. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing to provide the basic requirements for such a system. The integration of CLIPS and Snort features allows the specification of complex stateful network intrusion detection heuristics which can model abstract attack scenarios. The results show that CLIPS can be useful to follow and correlate intruder activities by monitoring network traffic. |
|---|---|
| Autores principais: | Alípio, Pedro |
| Outros Autores: | Carvalho, Paulo; Neves, José |
| Assunto: | Network intrusion NIDS CLIPS Snort Certainty factors Attack scenarios intrusion detection |
| Ano: | 2003 |
| País: | Portugal |
| Tipo de documento: | capítulo de livro |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Universidade do Minho |
| Idioma: | inglês |
| Origem: | RepositóriUM - Universidade do Minho |
| Resumo: | This paper shows how to build a network intrusion detection system by slightly modifying NASA's CLIPS source code, introducing features such as single and multiple string pattern matching, certainty factors and time-stamp operators. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing to provide the basic requirements for such a system. The integration of CLIPS and Snort features allows the specification of complex stateful network intrusion detection heuristics which can model abstract attack scenarios. The results show that CLIPS can be useful to follow and correlate intruder activities by monitoring network traffic. |
|---|