Abstract
Signature customization is a technique to help the misuse network based IDS to select an appropriate signature for the protected hosts. Additionally, it eliminates unnecessary signature matching in order to enhance the detection capabilities for the NIDS. This paper assesses the effectiveness of depending only on vulnerability scanners to perform signature customization. In addition, it introduces the integration of vulnerability scanners with patch management tools to limit the number of false positive and false negative customizations.
The results show that adding the patch management tools to the integration between the NIDS and vulnerability scanners can reduce the false signature customization. The proposed system will insure tuning accuracy for average of 30% of all shielded rules in the original signature customization system; accordingly improving the overall detection efficiency for the IDS.