الفهرس | Only 14 pages are availabe for public view |
Abstract Signature customization is a technique to help the misuse network based intrusion detection system (NIDS) to select an appropriate signature for the protected host. Additionally, it eliminates unnecessary signature matching in order to enhance the dete ction capabilities for the NIDS. Vulnerability scanners are automated tools that define, identify, and classify security holes (vulnerabilities) in a computer, server, network, or communications infrastructure. Scanners discover missed patches on target sy stems and report related vulnerabilities. A technique was introduced enhancing the intrusion detection system signature customization based on the vulnerability scanners’ detections. In addition, m any of the current information security systems use vulner ability scanners as the main part in the risk assessment process. Others depend on the scanners’ output in the systems patch management. This research assesses the effectiveness of depending on vulnerability scanners in the information security management system and to perform IDS signature customization . In addition, it introduces the integration of vulnerability scanners with patch management tools to limit the number of false positive and false negative customizations. Experimental tests show the severity of relying on vulnerability scanners to discover system patches status. A number of false positive and false negative detections for the system patches are reported by each of the tested vulnerability scanner. The severe level for some of the unreported missed patches ranked as critical that puts the system in a high risk and makes it vulnerable for different attacks. The results show that adding the patch management tools to the integration between the NIDS and vulnerability scanners can reduce the false customization and the number of severe attacks; accordingly improving the overall detection efficiency for the IDS. |