Skip to main content
We gratefully acknowledge support from the Simons Foundation, member institutions, and all contributors. Donate
arXiv logo
Cornell University Logo

Computer Science > Cryptography and Security

arXiv:1805.10848 (cs)
[Submitted on 28 May 2018]

Title:Identification of Flaws in the Design of Signatures for Intrusion Detection Systems

Authors:Nancy Agarwal, Syed Zeeshan Hussain
View PDF
Abstract:Signature-based Intrusion Detection System (SIDS) provides a promising solution to the problem of web application security. However, the performance of the system highly relies on the quality of the signatures designed to detect attacks. A weak signature set may considerably cause an increase in false alarm rate, making impractical to deploy the system. The objective of the paper is to identify the flaws in the signature structure which are responsible to reduce the efficiency of the detection system. The paper targets SQL injection signatures particularly. Initially, some essential concepts of the domain of the attack that should be focused by the developer in prior to designing the signatures have been discussed. Afterwards, we conducted a case study on the well known PHPIDS tool for analyzing the quality of its SQL signatures. Based on the analysis, we identify various flaws in the designing practice that yield inefficient signatures. We divide the weak signatures into six categories, namely incomplete, irrelevant, semi-relevant, susceptible, redundant and inconsistent signatures. Moreover, we quantify these weaknesses and define them mathematically in terms of set theory. To the best of our knowledge, we have identified some novel signature design issues. The paper will basically assist the signature developer to know what level of expertise is required for devising a quality signature set and how a little ignorance may lead to deterioration in the performance of the SIDS. Furthermore, a security expert may evaluate the detector against the identified flaws by conducting structural analysis on its signature set.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:1805.10848 [cs.CR]
  (or arXiv:1805.10848v1 [cs.CR] for this version)
  https://doi.org/10.48550/arXiv.1805.10848

Submission history

From: Nancy Agarwal [view email]
[v1] Mon, 28 May 2018 10:04:13 UTC (798 KB)
Full-text links:

Access Paper:

  • View PDF
  • Other Formats
view license
Current browse context:
cs.CR
< prev   |   next >
new | recent | 2018-05
Change to browse by:
cs

References & Citations

DBLP - CS Bibliography

listing | bibtex
Nancy Agarwal
Syed Zeeshan Hussain
export BibTeX citation

Bookmark

BibSonomy logo Reddit logo

Bibliographic and Citation Tools

Bibliographic Explorer (What is the Explorer?)
Connected Papers (What is Connected Papers?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)

Code, Data and Media Associated with this Article

alphaXiv (What is alphaXiv?)
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Hugging Face (What is Huggingface?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)

Demos

Replicate (What is Replicate?)
Hugging Face Spaces (What is Spaces?)
TXYZ.AI (What is TXYZ.AI?)

Recommenders and Search Tools

Influence Flower (What are Influence Flowers?)
CORE Recommender (What is CORE?)

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.

Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)