Context-based intrusion detection using snort, nessus and bugtraq databases

Frédéric Massicotte, Mathieu Couture, Lionel Briand, Yvan Labiche

Research output: Contribution to conference › Paper › peer-review

Abstract

Intrusion Detection Systems (IDS) use different techniques to reduce the number of false positives they generate. Simple network context information such as the communication session state has been added in IDS signatures to only raise alarms in the proper context. However, this is often not sufficient and more network context information needs to be added to these Stateful IDS (SIDS) signatures to reduce the number of false positives. IDS are also used with other network monitoring systems such as Vulnerability Detection Systems (VDS) and vulnerability databases in centralized correlation systems to determine the importance of an alarm. The correlation mechanism relies on the accuracy of a standardized relationship between IDS signatures, VDS signatures and the vulnerability databases. In this paper, we study the strength of the relationships between Snort signatures, Nessus scripts and the Bugtraq vulnerability database, as well as their potential for information correlation and for deriving network context that could be incorporated in intrusion detection signatures.

Original language: English
Publication status: Published - 2005
Externally published: Yes
Event: 3rd Annual Conference on Privacy, Security and Trust, PST 2005 - St. Andrews, NB, Canada
Duration: 12 Oct 2005 to 12 Oct 2005
