Open Access
Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database
Author(s) - Mutep Y AlYousef, Nabih T. Abdelmajeed
Publication year - 2019
Publication title - Procedia Computer Science
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.334
H-Index - 76
ISSN - 1877-0509
DOI - 10.1016/j.procs.2019.09.321
Subject(s) - computer science, blacklist, intrusion detection system, computer security, anomaly based intrusion detection system, signature (topology), anomaly detection, process (computing), data mining, geometry, mathematics, operating system
The electronic attacks that threaten the security of networks and information are increasing, especially during the current rapid electronic revolution. Therefore, it is necessary to use surveillance and protection systems in order to secure computer networks. An intrusion detection system (IDS) is one of the most important security systems available on the market. An IDS is a system that can be used to observe network traffic for illegal activities or illegitimate access to the network and to display alerts in such cases. There are three main types of IDSs: signature-based IDSs, anomaly-based IDSs and a hybrid of both. Auto-updating lists of attacks in order to overcome new types of attacks is one of the main challenges for a signature-based IDS. Most IDSs update their databases manually—done by network administrators—or by using websites that offer newly detected attack signatures. This paper proposes a model of auto-updating the attack lists using a filtering engine that acts as a second IDS engine. The results show an improvement in the overall accuracy of the IDS using the proposed model. In addition to detecting new attack signatures based on similarity, a blacklist of IP factors is used in the proposed model, which automates the updating process of IDS databases with the new attack signatures without human interference.
