Automatic Generation of Snort Content Rule for Network Traffic Analysis 


Vol. 40,  No. 4, pp. 666-677, Apr.  2015


  Abstract

The importance of application traffic analysis for efficient network management has been emphasized continuously. Snort is a popular traffic analysis system that detects traffic matching pre-defined signatures and performs various actions based on its rules. However, it is very difficult to obtain highly accurate signatures for various analysis purposes, because searching the entire traffic data manually or semi-automatically is tedious and time-consuming. In this paper, we propose a novel method to generate signatures fully automatically, in the form of Snort rules, from raw packet data captured on a network link or an end-host. We use a sequence pattern algorithm to generate common substrings that satisfy a minimum support from traffic flow data. We also extract the location and header information of each signature, which are the components of a Snort content rule. When we applied the proposed method to several application traffic data sets, the generated rules detected more than 97 percent of the traffic data.
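As an added illustration (not the paper's code), the pipeline the abstract describes in compact Python: mine payload substrings that meet a minimum support across flows, derive the Snort offset/depth location and the protocol/port header from the supporting flows, and emit a content rule. Brute-force substring enumeration stands in for the paper's sequence-pattern algorithm, and the flows are constructed samples of a hypothetical application.

```python
from collections import Counter

# Constructed sample flows (protocol, server port, first payload bytes) of a
# hypothetical application; not real captured traffic.
FLOWS = [
    ("tcp", 8080, b"APPX/1.0 LOGIN user=alice\r\n"),
    ("tcp", 8080, b"APPX/1.0 LOGIN user=bob\r\n"),
    ("tcp", 8080, b"APPX/1.0 LIST dir=/tmp\r\n"),
    ("tcp", 8080, b"APPX/1.0 LOGIN user=carol\r\n"),
    ("tcp", 8080, b"JUNK noise packet\r\n"),
]

def frequent_substrings(payloads, min_len, min_support):
    """Substrings of >= min_len bytes present in at least min_support of the
    flows (counted once per flow), longest first. Brute-force stand-in for
    the paper's sequence-pattern mining step."""
    support = Counter()
    for p in payloads:
        support.update({p[i:j] for i in range(len(p))
                        for j in range(i + min_len, len(p) + 1)})
    need = min_support * len(payloads)
    return sorted((s for s, c in support.items() if c >= need), key=len, reverse=True)

def maximal(subs):
    """Drop substrings contained in a longer frequent substring (input longest first)."""
    keep = []
    for s in subs:
        if not any(s in k for k in keep):
            keep.append(s)
    return keep

def locate(sig, payloads):
    """Snort offset/depth: start at the earliest position the signature occurs,
    scan far enough to cover its latest end across the supporting flows."""
    starts = [p.find(sig) for p in payloads if sig in p]
    return min(starts), max(starts) + len(sig) - min(starts)

def to_snort_rule(sig, flows, sid):
    """Header from the most common (proto, port) of supporting flows; content in hex."""
    sup = [f for f in flows if sig in f[2]]
    (proto, port), _ = Counter((f[0], f[1]) for f in sup).most_common(1)[0]
    offset, depth = locate(sig, [f[2] for f in sup])
    content = "|" + " ".join(f"{b:02X}" for b in sig) + "|"  # hex needs no escaping
    return (f'alert {proto} any any -> any {port} (msg:"auto signature {sid}"; '
            f'content:"{content}"; offset:{offset}; depth:{depth}; sid:{sid}; rev:1;)')

def generate_rules(flows, min_len=4, min_support=0.8, base_sid=1000001):
    sigs = maximal(frequent_substrings([f[2] for f in flows], min_len, min_support))
    return [to_snort_rule(s, flows, base_sid + i) for i, s in enumerate(sigs)]
```

With the sample flows and a support threshold of 0.8, the only maximal signature is the shared `APPX/1.0 L` prefix, so one rule with `offset:0; depth:10` is produced; lowering the threshold to 0.6 yields the longer `APPX/1.0 LOGIN user=` signature instead.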



  Cite this article

[IEEE Style]

K. Shim, S. Yoon, S. Lee, S. Kim, W. Jung, M. Kim, "Automatic Generation of Snort Content Rule for Network Traffic Analysis," The Journal of Korean Institute of Communications and Information Sciences, vol. 40, no. 4, pp. 666-677, 2015. DOI: .

[ACM Style]

Kyu-Seok Shim, Sung-Ho Yoon, Su-Kang Lee, Sung-Min Kim, Woo-Suk Jung, and Myung-Sup Kim. 2015. Automatic Generation of Snort Content Rule for Network Traffic Analysis. The Journal of Korean Institute of Communications and Information Sciences, 40, 4, (2015), 666-677. DOI: .

[KICS Style]

Kyu-Seok Shim, Sung-Ho Yoon, Su-Kang Lee, Sung-Min Kim, Woo-Suk Jung, Myung-Sup Kim, "Automatic Generation of Snort Content Rule for Network Traffic Analysis," The Journal of Korean Institute of Communications and Information Sciences, vol. 40, no. 4, pp. 666-677, 4. 2015.