2015 : Coro : Graph-based automatic intrusion detection system signature generator for evoting protection

Prof.Ir. Supeno Djanali M.Sc Ph.D
Dr.Eng. Radityo Anggoro S.Kom, M.Sc
Hudan Studiawan S.Kom., M.Kom.


Abstract

Attacks on computer networks are increasing every day, and most institutions use an Intrusion Detection System (IDS) to cope with them. The most widely used kind is the signature-based IDS, which needs a database of rules when looking for malicious packets. Yet there are two problems with this kind of IDS. First, not everyone is able to create a signature or rule, so users must wait for updates if they want to renew their database. Second, zero-day attacks, attacks that have never happened before, are the main weakness of this IDS because no signature exists for them. We propose Coro, an IDS signature generator that creates IDS rules based on honeypot log data. Coro uses graph clustering, which allows it to cluster data without the need to recompute the centroid. Coro focuses on HTTP, as it will be used to harden our e-voting system, but it can be extended to other protocols. Our experiment showed that …