A Frequent Pattern Based Extension of Snort for Intrusion Detection

dc.contributor.author: Chettiba, Youcef
dc.contributor.author: Ben Atallah, Abdennour
dc.date.accessioned: 2022-02-17T09:13:59Z
dc.date.available: 2022-02-17T09:13:59Z
dc.date.issued: 2019
dc.description.abstract: Snort is a lightweight, open source, rule-based intrusion detection system. In principle, malicious traffic is recognized thanks to a set of rules manually elaborated by an expert. In this thesis, we develop a different approach, which consists of automatic generation of Snort rules. The basic idea is to use frequent pattern algorithms to extract a set of characterization rules of attack packets using traffic data analysis. We design a framework which includes a preprocessing phase and a frequent pattern mining phase. We use the LBLN dataset and two classes of mining algorithms: all frequent patterns (Apriori, FPGrowth, FIN), and maximal frequent patterns (FPMax) as implemented in the SPMF library. The set of experiments on both Linux and Windows shows that the quality of the system is sensitive to the minimum support value. We reach the best result using the FIN algorithm, with an accuracy of 0.75 when the minimum support is equal to 0.4. ... [EN_en]
dc.identifier.uri: https://dspace.univ-ghardaia.edu.dz/xmlui/handle/123456789/695
dc.publisher: جامعة غرداية [EN_en]
dc.subject: Frequent patterns mining, Intrusion detection, Snort, Network Traffic Analysis [EN_en]
dc.title: A Frequent Pattern Based Extension of Snort for Intrusion Detection [EN_en]
dc.type: Thesis [EN_en]

Files

Original bundle

Name: lastcopy.pdf
Size: 1.47 MB
Format: Adobe Portable Document Format
