Future Generation Communication and Networking (2007)
Jeju Island, Korea
Dec. 6, 2007 to Dec. 8, 2007
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/FGCN.2007.25
A new two-stage indexless search procedure is presented that makes use of the constrained edit distance in IDS mis- use detection attack database search. The procedure con- sists of a pre-selection phase, in which the original dataset is reduced and the exhaustive search phase for the database records selected in the first phase. The maximum number of consecutive deletions represents the constraint. Besides eliminating the need for finer exhaustive search in the at- tack database records in which the detected subsequence is too distorted, the new search procedure also enables bet- ter control over the search process in the case of deliberate distortion of the attack strings. Experimental results ob- tained on the SNORT signature files show that the proposed method offers average search data set reduction in the typ- ical cases of more than 70% compared to the method that uses the unconstrained edit distance.
K. Franke and S. Petrovic, "A New Two-Stage Search Procedure for Misuse Detection," 2007 International Conference on Future Generation Communication and Networking(FGCN), Jeju, 2007, pp. 418-422.