Automatic generation of domain specific customized signatures for an enterprise intrusion detection system based on sentimental analysis

Abstract

IDS is a powerful tool in monitoring intruders. It detects the intruders based on pre defined patterns known as signatures. But in the context of an enterprise, a single IDS for the whole organization may not function effectively as there will be several business units (domains) such as HR, Finance, Marketing etc. Each business unit will have its own set of activities, business rules and security requirements. It should be possible for the personnel in these enterprise business units to enter their own security business rules. Since many of these personnel do not have expertise in writing signature to IDS, it would be convenient for them to specify the rules in Natural Language statements like English. These natural language statements should be converted to IDS signatures and are supposed to be added to signature database. In this paper, we have provided an interface to enter rules in natural language. Using Sentimental Analysis technique, we processed the natural language statements for conversion to IDS signatures. The converted signatures are added to corresponding business domain signature database. These domain specific customized signatures will certainly enhance the security of an enterprise.