Environment Dependent Performance Tuning forNetwork Intrusion Detection System

• Main Authors: Cheng-Hsiu Liu, 劉政秀
• Other Authors: Hsiao-Rong Tyan
• Format: Others
• Language: zh-TW
• Published: 2005
• Online Access: http://ndltd.ncl.edu.tw/handle/18745525969712986542

碩士 === 中原大學 === 資訊工程研究所 === 93 === With the Internet seeing more and more attacks, and attacking skills evolving. Internet attack model has changed from sending intrusion packets to specific target system to arbitrarily sending packets to intrude any vulnerable computers on Internet. In case that our network environment does not provide the service or does not have the software vulnerability certain intrusion packet targeted. But the detection rule database of the intrusion detection system deployed in our network environment has these signatures, these attacking packets can easily cause a large amount of alerts to be generated and degrade the performance of the IDS. Therefore, we proposed a method to apply the knowledge about the network environment in tuning intrusion detection system, By customizing the detection rule base, the size of the detection rule database can be reduced, which leads to decreased amount of signature comparison and less unnecessary alerts. In this way, the intrusion detection system can save computing resources and concentrate on the more vulnerable parts of the system and improve its performance.