Syrius: Synthesis of Rules for Intrusion Detectors
- Source: IEEE Transactions on Reliability. 71:370-381
- Publication Year: 2022
- Publisher: Institute of Electrical and Electronics Engineers (IEEE), 2022.
Abstract
- Network intrusion detection systems (NIDS) are popular tools to defend local networks against attacks. These systems monitor the network traffic and flag suspicious behavior. Rule-based NIDS do that by checking the network traffic against a set of rules, which become obsolete as attackers learn new strategies to circumvent existing defenses. This article proposes synthesis of Suricata rules (Syrius), a novel approach to synthesize rules for rule-based NIDS. Syrius leverages malicious (positive) and benign (negative) traffic to create rules for new attacks. Syrius is organized as a pipeline of three components to 1) create an overspecified seed rule, 2) derive plausible rules from the seed, and 3) rank plausible rules. We evaluated Syrius against a set of 21 network attacks with various characteristics. Syrius was capable of generating the correct rule among the top-3 and top-1 rules of the ranking, respectively, in 80.1% and 47.6% of the cases.
Details
- ISSN: 15581721 and 00189529
- Volume: 71
- Database: OpenAIRE
- Journal: IEEE Transactions on Reliability
- Accession number: edsair.doi...........8ee970637598198af3a22c101e8b31c4