Please use this identifier to cite or link to this item:
https://hdl.handle.net/1822/2966
Title: | Using CLIPS to detect network intrusions |
Author(s): | Alípio, Pedro; Carvalho, Paulo; Neves, José |
Keywords: | Network intrusion; NIDS; CLIPS; Snort; Certainty factors; Attack scenarios; intrusion detection |
Date: | Dec-2003 |
Publisher: | Springer Verlag |
Journal: | Lecture Notes in Computer Science |
Abstract(s): | This paper shows how to build a network intrusion detection system by slightly modifying NASA's CLIPS source code, introducing features such as single and multiple string pattern matching, certainty factors and time-stamp operators. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing to provide the basic requirements for such a system. The integration of CLIPS and Snort features allows the specification of complex stateful network intrusion detection heuristics which can model abstract attack scenarios. The results show that CLIPS can be useful to follow and correlate intruder activities by monitoring network traffic. |
Type: | Book chapter |
URI: | https://hdl.handle.net/1822/2966 |
ISBN: | 3-540-20589-6 |
ISSN: | 0302-9743 |
Peer reviewed: | yes |
Access: | Open access |
Appears in collections: | DI/CCTC - Artigos (papers) |
Files in this item:
File | Description | Size | Format | |
---|---|---|---|---|
epia2003-cr.bib | Latex bibitem | 313 B | Text | View/Open |
epia2003-cr.pdf | Article | 118,1 kB | Adobe PDF | View/Open |