Title
Enhancing Intrusion Detection Systems Based on Vulnerability Scanners /
Author
Badawy, Mohamed Alfateh Abdelsamia Hamed.
Preparation committee
Researcher / محمد الفاتح عبد السميع حامد بدوي
Supervisor / نوال أحمد الفيشاوي
Supervisor / أسامة عبد العظيم الشقنقيري
Subject
Computer security. Management. Security systems. Computer networks- Security measures. Intrusion detection systems (Computer security) Electronic countermeasures. Computers- Access control.
Publication date
2014.
Number of pages
88 p. :
Language
English
Degree
Master's
Specialization
Electrical and Electronic Engineering
Publisher
Date of approval
20/7/2014
Place of approval
Menoufia University - Faculty of Electronic Engineering - Computer Science and Engineering
Index
Only 14 pages are available for public view, from 107

Abstract

Signature customization is a technique that helps a misuse-based network intrusion detection system (NIDS) select appropriate signatures for the protected host. Additionally, it eliminates unnecessary signature matching in order to enhance the detection capabilities of the NIDS.

Vulnerability scanners are automated tools that define, identify, and classify security holes (vulnerabilities) in a computer, server, network, or communications infrastructure. Scanners discover missing patches on target systems and report the related vulnerabilities.

A technique was introduced to enhance intrusion detection system signature customization based on the vulnerability scanners' detections. In addition, many current information security systems use vulnerability scanners as the main part of the risk assessment process. Others depend on the scanners' output for system patch management.

This research assesses the effectiveness of depending on vulnerability scanners in the information security management system and for performing IDS signature customization. In addition, it introduces the integration of vulnerability scanners with patch management tools to limit the number of false positive and false negative customizations.

Experimental tests show the severity of relying on vulnerability scanners to discover the patch status of systems. A number of false positive and false negative detections of system patches are reported by each of the tested vulnerability scanners. The severity level of some of the unreported missing patches is ranked as critical, which puts the system at high risk and makes it vulnerable to different attacks.

The results show that adding patch management tools to the integration between the NIDS and vulnerability scanners can reduce false customization and the number of severe attacks, accordingly improving the overall detection efficiency of the IDS.