DocumentCode :
1954042
Title :
Traffic-aware packet matching for intrusion detection systems
Author :
Yoshioka, Atsushi ; Kim, Min Sik
Author_Institution :
School of Electrical Engineering and Computer Science, Washington State University, Pullman, 99164-2752, U.S.A.
fYear :
2007
fDate :
10-14 Sept. 2007
Firstpage :
309
Lastpage :
310
Abstract :
Intrusion detection systems spend the majority of CPU time on matching packets against rules. Hence, fast identification of matches is crucial. Previous approaches may result in poor performance under certain traffic conditions because they either do not respond to traffic patterns or require setup time to organize rules whenever the traffic pattern changes. We propose two-stage packet matching to reduce matching time with little overhead. The first stage applies a small number of the most frequently matched rules. Only a fraction of packets are passed to the second stage, where they experience longer processing time. Rules in the first stage are constantly updated as their frequencies change.
Keywords :
Computer science; Databases; Frequency; High-speed networks; Intrusion detection; Open source software; Pattern matching; Protocols; Telecommunication traffic; Tree data structures;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Broadband Communications, Networks and Systems, 2007. BROADNETS 2007. Fourth International Conference on
Conference_Location :
Raleigh, NC, USA
Print_ISBN :
978-1-4244-1432-1
Electronic_ISBN :
978-1-4244-1433-8
Type :
conf
DOI :
10.1109/BROADNETS.2007.4550445
Filename :
4550445