Exploration server for computer science research in Lorraine

Warning: this site is under development!
Warning: this site was generated by automated means from raw corpora.
The information has therefore not been validated.

Protocol analysis in intrusion detection using decision tree

Internal identifier: 000473 (PascalFrancis/Corpus); previous: 000472; next: 000474

Authors: Tarek Abbes; Adel Bouhoula; Michaël Rusinowitch

Source :

RBID : Pascal:06-0090201

Abstract

Network-based intrusion detection systems are the most deployed IDS. They frequently rely on a signature-matching detection method and focus on the security of low-level network protocols. Because of the large number of false positives on one side, and the incapacity to detect some attack types on the other, IDS must pay more attention to the monitoring of application-level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptive to the network traffic characteristics.

Record in standard format (ISO 2709)

See the documentation on the Inist Standard format.

pA  
A08 01  1  ENG  @1 Protocol analysis in intrusion detection using decision tree
A09 01  1  ENG  @1 International conference on information technology : coding and computing : April 5-7, 2004, Las Vegas, Nevada
A11 01  1    @1 ABBES (Tarek)
A11 02  1    @1 BOUHOULA (Adel)
A11 03  1    @1 RUSINOWITCH (Michaël)
A14 01      @1 LORIA/INRIA-Lorraine @2 54602 Villers-lès-Nancy @3 FRA @Z 1 aut. @Z 3 aut.
A14 02      @1 SUP'COM @2 2083 Cité El Ghazala @3 TUN @Z 2 aut.
A20       @2 vol1.404-vol1.408
A21       @1 2004
A23 01      @0 ENG
A25 01      @1 IEEE Computer Society @2 Las Alamitos CA
A26 01      @0 0-7695-2108-8
A30 01  1  ENG  @1 International conference on information technology @3 Las Vegas NV USA @4 2004-04-05
A43 01      @1 INIST @2 Y 38580 @5 354000138662650720
A44       @0 0000 @1 © 2006 INIST-CNRS. All rights reserved.
A45       @0 7 ref.
A47 01  1    @0 06-0090201
A60       @1 C
A61       @0 A
A66 01      @0 USA
C01 01    ENG  @0 Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.
C02 01  X    @0 001D02B07C
C03 01  X  FRE  @0 Sécurité informatique @5 06
C03 01  X  ENG  @0 Computer security @5 06
C03 01  X  SPA  @0 Seguridad informatica @5 06
C03 02  X  FRE  @0 Arbre décision @5 07
C03 02  X  ENG  @0 Decision tree @5 07
C03 02  X  SPA  @0 Arbol decisión @5 07
C03 03  X  FRE  @0 Monitorage @5 08
C03 03  X  ENG  @0 Monitoring @5 08
C03 03  X  SPA  @0 Monitoreo @5 08
C03 04  X  FRE  @0 Surveillance @5 09
C03 04  X  ENG  @0 Surveillance @5 09
C03 04  X  SPA  @0 Vigilancia @5 09
C03 05  X  FRE  @0 Concordance forme @5 10
C03 05  X  ENG  @0 Pattern matching @5 10
C03 06  X  FRE  @0 Détecteur intrus @5 18
C03 06  X  ENG  @0 Intruder detector @5 18
C03 06  X  SPA  @0 Detector intruso @5 18
C03 07  3  FRE  @0 Système détection intrusion @5 19
C03 07  3  ENG  @0 Intrusion detection systems @5 19
C03 08  X  FRE  @0 Analyse forme @5 23
C03 08  X  ENG  @0 Pattern analysis @5 23
C03 08  X  SPA  @0 Análisis forma @5 23
C03 09  X  FRE  @0 . @4 INC @5 82
N21       @1 051
N44 01      @1 OTO
N82       @1 OTO

Inist format (server)

NO : PASCAL 06-0090201 INIST
ET : Protocol analysis in intrusion detection using decision tree
AU : ABBES (Tarek); BOUHOULA (Adel); RUSINOWITCH (Michaël)
AF : LORIA/INRIA-Lorraine/54602 Villers-lès-Nancy/France (1 aut., 3 aut.); SUP'COM/2083 Cité El Ghazala/Tunisie (2 aut.)
DT : Congrès; Niveau analytique
SO : International conference on information technology/2004-04-05/Las Vegas NV USA; Etats-Unis; Las Alamitos CA: IEEE Computer Society; Da. 2004; vol1.404-vol1.408; ISBN 0-7695-2108-8
LA : Anglais
EA : Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.
CC : 001D02B07C
FD : Sécurité informatique; Arbre décision; Monitorage; Surveillance; Concordance forme; Détecteur intrus; Système détection intrusion; Analyse forme; .
ED : Computer security; Decision tree; Monitoring; Surveillance; Pattern matching; Intruder detector; Intrusion detection systems; Pattern analysis
SD : Seguridad informatica; Arbol decisión; Monitoreo; Vigilancia; Detector intruso; Análisis forma
LO : INIST-Y 38580.354000138662650720
ID : 06-0090201

Links to Exploration step

Pascal:06-0090201

The document in XML format

<record>
<TEI>
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en" level="a">Protocol analysis in intrusion detection using decision tree</title>
<author>
<name sortKey="Abbes, Tarek" sort="Abbes, Tarek" uniqKey="Abbes T" first="Tarek" last="Abbes">Tarek Abbes</name>
<affiliation>
<inist:fA14 i1="01">
<s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author>
<name sortKey="Bouhoula, Adel" sort="Bouhoula, Adel" uniqKey="Bouhoula A" first="Adel" last="Bouhoula">Adel Bouhoula</name>
<affiliation>
<inist:fA14 i1="02">
<s1>SUP'COM</s1>
<s2>2083 Cité El Ghazala</s2>
<s3>TUN</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<affiliation>
<inist:fA14 i1="01">
<s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">INIST</idno>
<idno type="inist">06-0090201</idno>
<date when="2004">2004</date>
<idno type="stanalyst">PASCAL 06-0090201 INIST</idno>
<idno type="RBID">Pascal:06-0090201</idno>
<idno type="wicri:Area/PascalFrancis/Corpus">000473</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title xml:lang="en" level="a">Protocol analysis in intrusion detection using decision tree</title>
<author>
<name sortKey="Abbes, Tarek" sort="Abbes, Tarek" uniqKey="Abbes T" first="Tarek" last="Abbes">Tarek Abbes</name>
<affiliation>
<inist:fA14 i1="01">
<s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author>
<name sortKey="Bouhoula, Adel" sort="Bouhoula, Adel" uniqKey="Bouhoula A" first="Adel" last="Bouhoula">Adel Bouhoula</name>
<affiliation>
<inist:fA14 i1="02">
<s1>SUP'COM</s1>
<s2>2083 Cité El Ghazala</s2>
<s3>TUN</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<affiliation>
<inist:fA14 i1="01">
<s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</analytic>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc>
<textClass>
<keywords scheme="KwdEn" xml:lang="en">
<term>Computer security</term>
<term>Decision tree</term>
<term>Intruder detector</term>
<term>Intrusion detection systems</term>
<term>Monitoring</term>
<term>Pattern analysis</term>
<term>Pattern matching</term>
<term>Surveillance</term>
</keywords>
<keywords scheme="Pascal" xml:lang="fr">
<term>Sécurité informatique</term>
<term>Arbre décision</term>
<term>Monitorage</term>
<term>Surveillance</term>
<term>Concordance forme</term>
<term>Détecteur intrus</term>
<term>Système détection intrusion</term>
<term>Analyse forme</term>
<term>.</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.</div>
</front>
</TEI>
<inist>
<standard h6="B">
<pA>
<fA08 i1="01" i2="1" l="ENG">
<s1>Protocol analysis in intrusion detection using decision tree</s1>
</fA08>
<fA09 i1="01" i2="1" l="ENG">
<s1>International conference on information technology : coding and computing : April 5-7, 2004, Las Vegas, Nevada</s1>
</fA09>
<fA11 i1="01" i2="1">
<s1>ABBES (Tarek)</s1>
</fA11>
<fA11 i1="02" i2="1">
<s1>BOUHOULA (Adel)</s1>
</fA11>
<fA11 i1="03" i2="1">
<s1>RUSINOWITCH (Michaël)</s1>
</fA11>
<fA14 i1="01">
<s1>LORIA/INRIA-Lorraine</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
<sZ>3 aut.</sZ>
</fA14>
<fA14 i1="02">
<s1>SUP'COM</s1>
<s2>2083 Cité El Ghazala</s2>
<s3>TUN</s3>
<sZ>2 aut.</sZ>
</fA14>
<fA20>
<s2>vol1.404-vol1.408</s2>
</fA20>
<fA21>
<s1>2004</s1>
</fA21>
<fA23 i1="01">
<s0>ENG</s0>
</fA23>
<fA25 i1="01">
<s1>IEEE Computer Society</s1>
<s2>Las Alamitos CA</s2>
</fA25>
<fA26 i1="01">
<s0>0-7695-2108-8</s0>
</fA26>
<fA30 i1="01" i2="1" l="ENG">
<s1>International conference on information technology</s1>
<s3>Las Vegas NV USA</s3>
<s4>2004-04-05</s4>
</fA30>
<fA43 i1="01">
<s1>INIST</s1>
<s2>Y 38580</s2>
<s5>354000138662650720</s5>
</fA43>
<fA44>
<s0>0000</s0>
<s1>© 2006 INIST-CNRS. All rights reserved.</s1>
</fA44>
<fA45>
<s0>7 ref.</s0>
</fA45>
<fA47 i1="01" i2="1">
<s0>06-0090201</s0>
</fA47>
<fA60>
<s1>C</s1>
</fA60>
<fA61>
<s0>A</s0>
</fA61>
<fA66 i1="01">
<s0>USA</s0>
</fA66>
<fC01 i1="01" l="ENG">
<s0>Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.</s0>
</fC01>
<fC02 i1="01" i2="X">
<s0>001D02B07C</s0>
</fC02>
<fC03 i1="01" i2="X" l="FRE">
<s0>Sécurité informatique</s0>
<s5>06</s5>
</fC03>
<fC03 i1="01" i2="X" l="ENG">
<s0>Computer security</s0>
<s5>06</s5>
</fC03>
<fC03 i1="01" i2="X" l="SPA">
<s0>Seguridad informatica</s0>
<s5>06</s5>
</fC03>
<fC03 i1="02" i2="X" l="FRE">
<s0>Arbre décision</s0>
<s5>07</s5>
</fC03>
<fC03 i1="02" i2="X" l="ENG">
<s0>Decision tree</s0>
<s5>07</s5>
</fC03>
<fC03 i1="02" i2="X" l="SPA">
<s0>Arbol decisión</s0>
<s5>07</s5>
</fC03>
<fC03 i1="03" i2="X" l="FRE">
<s0>Monitorage</s0>
<s5>08</s5>
</fC03>
<fC03 i1="03" i2="X" l="ENG">
<s0>Monitoring</s0>
<s5>08</s5>
</fC03>
<fC03 i1="03" i2="X" l="SPA">
<s0>Monitoreo</s0>
<s5>08</s5>
</fC03>
<fC03 i1="04" i2="X" l="FRE">
<s0>Surveillance</s0>
<s5>09</s5>
</fC03>
<fC03 i1="04" i2="X" l="ENG">
<s0>Surveillance</s0>
<s5>09</s5>
</fC03>
<fC03 i1="04" i2="X" l="SPA">
<s0>Vigilancia</s0>
<s5>09</s5>
</fC03>
<fC03 i1="05" i2="X" l="FRE">
<s0>Concordance forme</s0>
<s5>10</s5>
</fC03>
<fC03 i1="05" i2="X" l="ENG">
<s0>Pattern matching</s0>
<s5>10</s5>
</fC03>
<fC03 i1="06" i2="X" l="FRE">
<s0>Détecteur intrus</s0>
<s5>18</s5>
</fC03>
<fC03 i1="06" i2="X" l="ENG">
<s0>Intruder detector</s0>
<s5>18</s5>
</fC03>
<fC03 i1="06" i2="X" l="SPA">
<s0>Detector intruso</s0>
<s5>18</s5>
</fC03>
<fC03 i1="07" i2="3" l="FRE">
<s0>Système détection intrusion</s0>
<s5>19</s5>
</fC03>
<fC03 i1="07" i2="3" l="ENG">
<s0>Intrusion detection systems</s0>
<s5>19</s5>
</fC03>
<fC03 i1="08" i2="X" l="FRE">
<s0>Analyse forme</s0>
<s5>23</s5>
</fC03>
<fC03 i1="08" i2="X" l="ENG">
<s0>Pattern analysis</s0>
<s5>23</s5>
</fC03>
<fC03 i1="08" i2="X" l="SPA">
<s0>Análisis forma</s0>
<s5>23</s5>
</fC03>
<fC03 i1="09" i2="X" l="FRE">
<s0>.</s0>
<s4>INC</s4>
<s5>82</s5>
</fC03>
<fN21>
<s1>051</s1>
</fN21>
<fN44 i1="01">
<s1>OTO</s1>
</fN44>
<fN82>
<s1>OTO</s1>
</fN82>
</pA>
</standard>
<server>
<NO>PASCAL 06-0090201 INIST</NO>
<ET>Protocol analysis in intrusion detection using decision tree</ET>
<AU>ABBES (Tarek); BOUHOULA (Adel); RUSINOWITCH (Michaël)</AU>
<AF>LORIA/INRIA-Lorraine/54602 Villers-lès-Nancy/France (1 aut., 3 aut.); SUP'COM/2083 Cité El Ghazala/Tunisie (2 aut.)</AF>
<DT>Congrès; Niveau analytique</DT>
<SO>International conference on information technology/2004-04-05/Las Vegas NV USA; Etats-Unis; Las Alamitos CA: IEEE Computer Society; Da. 2004; vol1.404-vol1.408; ISBN 0-7695-2108-8</SO>
<LA>Anglais</LA>
<EA>Network based intrusion detection are the most deployed IDS. They frequently rely on signature matching detection method and focus on the security of low level network protocols. Because of the large number of false positives from one side, and the incapacity to detect some attack types from another side, IDS must allow more interest to the monitoring of application level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptative to the network traffic characteristics.</EA>
<CC>001D02B07C</CC>
<FD>Sécurité informatique; Arbre décision; Monitorage; Surveillance; Concordance forme; Détecteur intrus; Système détection intrusion; Analyse forme; .</FD>
<ED>Computer security; Decision tree; Monitoring; Surveillance; Pattern matching; Intruder detector; Intrusion detection systems; Pattern analysis</ED>
<SD>Seguridad informatica; Arbol decisión; Monitoreo; Vigilancia; Detector intruso; Análisis forma</SD>
<LO>INIST-Y 38580.354000138662650720</LO>
<ID>06-0090201</ID>
</server>
</inist>
</record>

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/PascalFrancis/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000473 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Corpus/biblio.hfd -nk 000473 | SxmlIndent | more

To link to this page within the Wicri network

{{Explor lien
   |wiki=    Wicri/Lorraine
   |area=    InforLorV4
   |flux=    PascalFrancis
   |étape=   Corpus
   |type=    RBID
   |clé=     Pascal:06-0090201
   |texte=   Protocol analysis in intrusion detection using decision tree
}}

This area was generated with Dilib version V0.6.33.
Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022