Projects per year
In this preliminary case study, we investigate how inconsistency in a network intrusion detection rule set can be measured. To achieve this, we first examine the structure of these rules which incorporate regular expression (Regex) pattern matching. We then identify primitive elements in these rules in order to translate the rules into their (equivalent) logical forms and to establish connections between them. Additional rules from background knowledge are also introduced to make the correlations among rules more explicit. Finally, we measure the degree of inconsistency in formulae of such a rule set (using the Scoring function, Shapley inconsistency values and Blame measure for prioritized knowledge) and compare the informativeness of these measures. We conclude that such measures are useful for the network intrusion domain assuming that incorporating domain knowledge for correlation of rules is feasible.
|Number of pages||6|
|Publication status||Published - Aug 2011|
|Event||Proceedings of the First International Workshop on Data, Logic and Inconsistency (DALI'11) at DEXA - Toulouse, France|
Duration: 01 Aug 2011 → 01 Aug 2011
|Conference||Proceedings of the First International Workshop on Data, Logic and Inconsistency (DALI'11) at DEXA|
|Period||01/08/2011 → 01/08/2011|
- inconsistency measures
- Network intrusion detection
FingerprintDive into the research topics of 'Measuring inconsistency in network intrusion rules'. Together they form a unique fingerprint.
- 1 Finished
R1118ECI: Centre for Secure Information Technologies (CSIT)
McCanny, J. V., Cowan, C., Crookes, D., Fusco, V., Linton, D., Liu, W., Miller, P., O'Neill, M., Scanlon, W. & Sezer, S.
01/08/2009 → 30/06/2014