Characterizing the Modification Space of Signature IDS Rules

arXiv:2402.09644v1 Announce Type: new
Abstract: Signature-based Intrusion Detection Systems (SIDSs) are traditionally used to detect malicious activity in networks. A notable example of such a system is Snort, which compares network traffic against a series of rules that match known exploits. Current SIDS rules are designed to minimize the amount of legitimate traffic flagged incorrectly, reducing the burden on network administrators. However, different use cases than the traditional one--such as researchers studying trends or analyzing modified versions of known exploits--may …

arxiv cs.cr current detect detection exploits ids intrusion intrusion detection malicious modification network networks network traffic rules series signature snort space system systems traffic