A Proposed Model For Signature-Based Intrusion Detection System

Abstract

Research Problem: Large signature database size which causes a longer time to match packets and files with malware signature database. Large size signature database will also results in more resource consumption rates. Study Objectives: Improving signature based IDS by reducing database size. Study Population (Sample): Malware Signatures. Research Methodology: Experimental Study.

Main Results: Results show that with small signature database, the performance of the IDS will be increased and time needed to search for malicious packets is decreased. Additionally, using parallel processing make detection process faster and reduce time needed to find a match.

Main Recommendations: 1- Develop an algorithm to get rid of the large size database and only use small size database to provide better performance and faster detection without cause any malware to skip detection. 2- Make automatic updating process more intelligent by using Artificial Intelligent (IA) techniques to decide how the database are updated with new signatures to prevent human error while adding signatures manually.