2014 Second International Symposium on Computing and Networking (CANDAR) (2014)
Dec. 10, 2014 to Dec. 12, 2014
Snort is the most popular intrusion detection system (IDS). It generates alert messages when an arriving packet matches any of its pre-defined rules. Snort has the following problems: it attempts to match a packet against all of the rules, even when matching some rules means the packet can never match certain others, and it produces contradictory and redundant alert messages when given a set of erroneous and poorly organized rules. This paper proposes a method for characterizing the relations between Snort rules as a step toward solving these problems. The proposed method calculates topological relations between Snort rules based on set theory.
Educational institutions, Payloads, Computer science, Firewalls (computing), Intrusion detection, Acceleration, Set theory
Y. Yin, Y. Wang and N. Takahashi, "Set-Based Calculation of Topological Relations between Snort Rules," 2014 Second International Symposium on Computing and Networking (CANDAR), Shizuoka, Japan, 2014, pp. 617-619.
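To illustrate the idea in the abstract, here is an added example (not code from the paper) that treats each rule header as a product of sets and classifies the relation between two rules. The five relation names, the header-only rule model (no options, negation or variables) and the sample rules are assumptions made for this sketch.

```python
from ipaddress import ip_network

# IP protocol numbers as inclusive intervals; "ip" covers every protocol.
PROTO = {"icmp": (1, 1), "tcp": (6, 6), "udp": (17, 17), "ip": (0, 255)}

def addr(spec):
    """'any' or an IPv4 CIDR -> inclusive integer interval."""
    n = ip_network("0.0.0.0/0" if spec == "any" else spec)
    return (int(n.network_address), int(n.broadcast_address))

def port(spec):
    """'any', '80', '1:1024', ':1024' or '1024:' -> inclusive interval."""
    if spec == "any":
        return (0, 65535)
    lo, sep, hi = spec.partition(":")
    return (int(lo or 0), int(hi or (65535 if sep else lo)))

def header_sets(rule):
    """Simplified header: action proto src sport -> dst dport."""
    _, proto, src, sport, _, dst, dport = rule.split()[:7]
    return [PROTO[proto], addr(src), port(sport), addr(dst), port(dport)]

def field_relation(a, b):
    """Relation of interval a to interval b."""
    if a == b:
        return "equal"
    if a[1] < b[0] or b[1] < a[0]:
        return "disjoint"
    if b[0] <= a[0] and a[1] <= b[1]:
        return "subset"
    if a[0] <= b[0] and b[1] <= a[1]:
        return "superset"
    return "overlap"

def rule_relation(r1, r2):
    """Relation of the packet set matched by r1 to that matched by r2."""
    rels = {field_relation(a, b)
            for a, b in zip(header_sets(r1), header_sets(r2))}
    if "disjoint" in rels:      # one disjoint field: no packet matches both
        return "disjoint"
    rels.discard("equal")
    if len(rels) <= 1:          # all equal, or all pointing the same way
        return rels.pop() if rels else "equal"
    return "overlap"            # mixed directions: partial intersection

# Constructed sample rules (headers only).
WEB_NET = "alert tcp any any -> 192.168.1.0/24 80"
WEB_HOST = "alert tcp any any -> 192.168.1.10/32 80"
DNS_NET = "alert udp any any -> 192.168.1.0/24 53"
LOW_PORTS = "alert tcp 10.0.0.0/8 any -> any 1:1024"
```

A "disjoint" result means a packet matching one rule never needs to be tested against the other, while "equal", "subset" and "superset" flag rule pairs worth reviewing for redundant or contradictory alerts.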