A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC)
Main authors: | Jaw, Ebrima; Wang, Xueming |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | PeerJ Inc., 2022 |
Subjects: | Artificial Intelligence |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9044335/ https://www.ncbi.nlm.nih.gov/pubmed/35494802 http://dx.doi.org/10.7717/peerj-cs.900 |
Field | Value |
---|---|
_version_ | 1784695083789975552 |
author | Jaw, Ebrima; Wang, Xueming |
author_facet | Jaw, Ebrima; Wang, Xueming |
author_sort | Jaw, Ebrima |
collection | PubMed |
description | The rapid advanced technological development alongside the Internet with its cutting-edge applications has positively impacted human society in many aspects. Nevertheless, it equally comes with the escalating privacy and critical cybersecurity concerns that can lead to catastrophic consequences, such as overwhelming the current network security frameworks. Consequently, both the industry and academia have been tirelessly harnessing various approaches to design, implement and deploy intrusion detection systems (IDSs) with event correlation frameworks to help mitigate some of these contemporary challenges. There are two common types of IDS: signature and anomaly-based IDS. Signature-based IDS, specifically, Snort works on the concepts of rules. However, the conventional way of creating Snort rules can be very costly and error-prone. Also, the massively generated alerts from heterogeneous anomaly-based IDSs is a significant research challenge yet to be addressed. Therefore, this paper proposed a novel Snort Automatic Rule Generator (SARG) that exploits the network packet contents to automatically generate efficient and reliable Snort rules with less human intervention. Furthermore, we evaluated the effectiveness and reliability of the generated Snort rules, which produced promising results. In addition, this paper proposed a novel Security Event Correlator (SEC) that effectively accepts raw events (alerts) without prior knowledge and produces a much more manageable set of alerts for easy analysis and interpretation. As a result, alleviating the massive false alarm rate (FAR) challenges of existing IDSs. Lastly, we have performed a series of experiments to test the proposed systems. It is evident from the experimental results that SARG-SEC has demonstrated impressive performance and could significantly mitigate the existing challenges of dealing with the vast generated alerts and the labor-intensive creation of Snort rules. |
format | Online Article Text |
id | pubmed-9044335 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2022 |
publisher | PeerJ Inc. |
record_format | MEDLINE/PubMed |
spelling | pubmed-9044335 2022-04-28. A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC). Jaw, Ebrima; Wang, Xueming. PeerJ Comput Sci, Artificial Intelligence. PeerJ Inc., 2022-03-02. /pmc/articles/PMC9044335/ /pubmed/35494802 http://dx.doi.org/10.7717/peerj-cs.900. Text en ©2022 Jaw and Wang. This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Computer Science) and either DOI or URL of the article must be cited. |
title | A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC) |
topic | Artificial Intelligence |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9044335/ https://www.ncbi.nlm.nih.gov/pubmed/35494802 http://dx.doi.org/10.7717/peerj-cs.900 |