Protocol analysis in intrusion detection using decision tree
Internal identifier: 000473 (PascalFrancis/Corpus)
Authors: Tarek Abbes; Adel Bouhoula; Michaël Rusinowitch
Abstract
Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.
Inist format (server)
NO : | PASCAL 06-0090201 INIST |
---|---|
ET : | Protocol analysis in intrusion detection using decision tree |
AU : | ABBES (Tarek); BOUHOULA (Adel); RUSINOWITCH (Michaël) |
AF : | LORIA/INRIA-Lorraine/54602 Villers-lès-Nancy/France (1 aut., 3 aut.); SUP'COM/2083 Cité El Ghazala/Tunisie (2 aut.) |
DT : | Congrès; Niveau analytique |
SO : | International conference on information technology/2004-04-05/Las Vegas NV USA; Etats-Unis; Las Alamitos CA: IEEE Computer Society; Da. 2004; vol1.404-vol1.408; ISBN 0-7695-2108-8 |
LA : | Anglais |
EA : | Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics. |
CC : | 001D02B07C |
FD : | Sécurité informatique; Arbre décision; Monitorage; Surveillance; Concordance forme; Détecteur intrus; Système détection intrusion; Analyse forme; . |
ED : | Computer security; Decision tree; Monitoring; Surveillance; Pattern matching; Intruder detector; Intrusion detection systems; Pattern analysis |
SD : | Seguridad informatica; Arbol decisión; Monitoreo; Vigilancia; Detector intruso; Análisis forma |
LO : | INIST-Y 38580.354000138662650720 |
ID : | 06-0090201 |
Links to Exploration step
Pascal:06-0090201
The document in XML format
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">Protocol analysis in intrusion detection using decision tree</title>
<author><name sortKey="Abbes, Tarek" sort="Abbes, Tarek" uniqKey="Abbes T" first="Tarek" last="Abbes">Tarek Abbes</name>
<affiliation><inist:fA14 i1="01"><s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Bouhoula, Adel" sort="Bouhoula, Adel" uniqKey="Bouhoula A" first="Adel" last="Bouhoula">Adel Bouhoula</name>
<affiliation><inist:fA14 i1="02"><s1>SUP'COM</s1>
<s2>2083 Cité El Ghazala</s2>
<s3>TUN</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<affiliation><inist:fA14 i1="01"><s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">INIST</idno>
<idno type="inist">06-0090201</idno>
<date when="2004">2004</date>
<idno type="stanalyst">PASCAL 06-0090201 INIST</idno>
<idno type="RBID">Pascal:06-0090201</idno>
<idno type="wicri:Area/PascalFrancis/Corpus">000473</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">Protocol analysis in intrusion detection using decision tree</title>
<author><name sortKey="Abbes, Tarek" sort="Abbes, Tarek" uniqKey="Abbes T" first="Tarek" last="Abbes">Tarek Abbes</name>
<affiliation><inist:fA14 i1="01"><s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Bouhoula, Adel" sort="Bouhoula, Adel" uniqKey="Bouhoula A" first="Adel" last="Bouhoula">Adel Bouhoula</name>
<affiliation><inist:fA14 i1="02"><s1>SUP'COM</s1>
<s2>2083 Cité El Ghazala</s2>
<s3>TUN</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<affiliation><inist:fA14 i1="01"><s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</analytic>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Computer security</term>
<term>Decision tree</term>
<term>Intruder detector</term>
<term>Intrusion detection systems</term>
<term>Monitoring</term>
<term>Pattern analysis</term>
<term>Pattern matching</term>
<term>Surveillance</term>
</keywords>
<keywords scheme="Pascal" xml:lang="fr"><term>Sécurité informatique</term>
<term>Arbre décision</term>
<term>Monitorage</term>
<term>Surveillance</term>
<term>Concordance forme</term>
<term>Détecteur intrus</term>
<term>Système détection intrusion</term>
<term>Analyse forme</term>
<term>.</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.</div>
</front>
</TEI>
<inist><standard h6="B"><pA><fA08 i1="01" i2="1" l="ENG"><s1>Protocol analysis in intrusion detection using decision tree</s1>
</fA08>
<fA09 i1="01" i2="1" l="ENG"><s1>International conference on information technology : coding and computing : April 5-7, 2004, Las Vegas, Nevada</s1>
</fA09>
<fA11 i1="01" i2="1"><s1>ABBES (Tarek)</s1>
</fA11>
<fA11 i1="02" i2="1"><s1>BOUHOULA (Adel)</s1>
</fA11>
<fA11 i1="03" i2="1"><s1>RUSINOWITCH (Michaël)</s1>
</fA11>
<fA14 i1="01"><s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</fA14>
<fA14 i1="02"><s1>SUP'COM</s1>
<s2>2083 Cité El Ghazala</s2>
<s3>TUN</s3>
<sZ>2 aut.</sZ>
</fA14>
<fA20><s2>vol1.404-vol1.408</s2>
</fA20>
<fA21><s1>2004</s1>
</fA21>
<fA23 i1="01"><s0>ENG</s0>
</fA23>
<fA25 i1="01"><s1>IEEE Computer Society</s1>
<s2>Las Alamitos CA</s2>
</fA25>
<fA26 i1="01"><s0>0-7695-2108-8</s0>
</fA26>
<fA30 i1="01" i2="1" l="ENG"><s1>International conference on information technology</s1>
<s3>Las Vegas NV USA</s3>
<s4>2004-04-05</s4>
</fA30>
<fA43 i1="01"><s1>INIST</s1>
<s2>Y 38580</s2>
<s5>354000138662650720</s5>
</fA43>
<fA44><s0>0000</s0>
<s1>© 2006 INIST-CNRS. All rights reserved.</s1>
</fA44>
<fA45><s0>7 ref.</s0>
</fA45>
<fA47 i1="01" i2="1"><s0>06-0090201</s0>
</fA47>
<fA60><s1>C</s1>
</fA60>
<fA61><s0>A</s0>
</fA61>
<fA66 i1="01"><s0>USA</s0>
</fA66>
<fC01 i1="01" l="ENG"><s0>Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.</s0>
</fC01>
<fC02 i1="01" i2="X"><s0>001D02B07C</s0>
</fC02>
<fC03 i1="01" i2="X" l="FRE"><s0>Sécurité informatique</s0>
<s5>06</s5>
</fC03>
<fC03 i1="01" i2="X" l="ENG"><s0>Computer security</s0>
<s5>06</s5>
</fC03>
<fC03 i1="01" i2="X" l="SPA"><s0>Seguridad informatica</s0>
<s5>06</s5>
</fC03>
<fC03 i1="02" i2="X" l="FRE"><s0>Arbre décision</s0>
<s5>07</s5>
</fC03>
<fC03 i1="02" i2="X" l="ENG"><s0>Decision tree</s0>
<s5>07</s5>
</fC03>
<fC03 i1="02" i2="X" l="SPA"><s0>Arbol decisión</s0>
<s5>07</s5>
</fC03>
<fC03 i1="03" i2="X" l="FRE"><s0>Monitorage</s0>
<s5>08</s5>
</fC03>
<fC03 i1="03" i2="X" l="ENG"><s0>Monitoring</s0>
<s5>08</s5>
</fC03>
<fC03 i1="03" i2="X" l="SPA"><s0>Monitoreo</s0>
<s5>08</s5>
</fC03>
<fC03 i1="04" i2="X" l="FRE"><s0>Surveillance</s0>
<s5>09</s5>
</fC03>
<fC03 i1="04" i2="X" l="ENG"><s0>Surveillance</s0>
<s5>09</s5>
</fC03>
<fC03 i1="04" i2="X" l="SPA"><s0>Vigilancia</s0>
<s5>09</s5>
</fC03>
<fC03 i1="05" i2="X" l="FRE"><s0>Concordance forme</s0>
<s5>10</s5>
</fC03>
<fC03 i1="05" i2="X" l="ENG"><s0>Pattern matching</s0>
<s5>10</s5>
</fC03>
<fC03 i1="06" i2="X" l="FRE"><s0>Détecteur intrus</s0>
<s5>18</s5>
</fC03>
<fC03 i1="06" i2="X" l="ENG"><s0>Intruder detector</s0>
<s5>18</s5>
</fC03>
<fC03 i1="06" i2="X" l="SPA"><s0>Detector intruso</s0>
<s5>18</s5>
</fC03>
<fC03 i1="07" i2="3" l="FRE"><s0>Système détection intrusion</s0>
<s5>19</s5>
</fC03>
<fC03 i1="07" i2="3" l="ENG"><s0>Intrusion detection systems</s0>
<s5>19</s5>
</fC03>
<fC03 i1="08" i2="X" l="FRE"><s0>Analyse forme</s0>
<s5>23</s5>
</fC03>
<fC03 i1="08" i2="X" l="ENG"><s0>Pattern analysis</s0>
<s5>23</s5>
</fC03>
<fC03 i1="08" i2="X" l="SPA"><s0>Análisis forma</s0>
<s5>23</s5>
</fC03>
<fC03 i1="09" i2="X" l="FRE"><s0>.</s0>
<s4>INC</s4>
<s5>82</s5>
</fC03>
<fN21><s1>051</s1>
</fN21>
<fN44 i1="01"><s1>OTO</s1>
</fN44>
<fN82><s1>OTO</s1>
</fN82>
</pA>
</standard>
<server><NO>PASCAL 06-0090201 INIST</NO>
<ET>Protocol analysis in intrusion detection using decision tree</ET>
<AU>ABBES (Tarek); BOUHOULA (Adel); RUSINOWITCH (Michaël)</AU>
<AF>LORIA/INRIA-Lorraine/54602 Villers-lès-Nancy/France (1 aut., 3 aut.); SUP'COM/2083 Cité El Ghazala/Tunisie (2 aut.)</AF>
<DT>Congrès; Niveau analytique</DT>
<SO>International conference on information technology/2004-04-05/Las Vegas NV USA; Etats-Unis; Las Alamitos CA: IEEE Computer Society; Da. 2004; vol1.404-vol1.408; ISBN 0-7695-2108-8</SO>
<LA>Anglais</LA>
<EA>Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.</EA>
<CC>001D02B07C</CC>
<FD>Sécurité informatique; Arbre décision; Monitorage; Surveillance; Concordance forme; Détecteur intrus; Système détection intrusion; Analyse forme; .</FD>
<ED>Computer security; Decision tree; Monitoring; Surveillance; Pattern matching; Intruder detector; Intrusion detection systems; Pattern analysis</ED>
<SD>Seguridad informatica; Arbol decisión; Monitoreo; Vigilancia; Detector intruso; Análisis forma</SD>
<LO>INIST-Y 38580.354000138662650720</LO>
<ID>06-0090201</ID>
</server>
</inist>
</record>
To manipulate this document under Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/PascalFrancis/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000473 | SxmlIndent | more
Or
HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Corpus/biblio.hfd -nk 000473 | SxmlIndent | more
To link to this page within the Wicri network
{{Explor lien |wiki= Wicri/Lorraine |area= InforLorV4 |flux= PascalFrancis |étape= Corpus |type= RBID |clé= Pascal:06-0090201 |texte= Protocol analysis in intrusion detection using decision tree }}
This area was generated with Dilib version V0.6.33.