DocumentCode
3498709
Title
Kernel-level intrusion detection method using simplification and grouping
Author
Chung, Bo-heung ; Ryu, Seung-Ho ; Kim, Jeong-Nyeo ; Jang, Jong-Soo
Author_Institution
Electron. & Telecommun. Res. Inst.
Volume
1
fYear
0
fDate
0-0 0
Firstpage
251
Lastpage
254
Abstract
This paper proposes the kernel-level intrusion detection method (KIDM) using simplification and grouping of intrusion detection rules. These rules are grouped into the group-rule and the common-rule generated by simplification. The intrusion detection is separated into a common detection step and an extended detection step. The packet is checked by common detection using the common-rule. If this step detects nothing, the packet is forwarded to its destination. If not, it is passed into the extended detection using the group-rule. Through grouping of similar detection rules, the search space and searching time can be greatly minimized. Using the simplified rule in intrusion detection, the packet inspection time can be largely reduced. With the help of these two steps, fast and effective intrusion detection is possible in network nodes such as routers and switches.
Keywords
telecommunication networks; telecommunication security; common detection; common-rule; extended detection; group-rule; intrusion detection rule grouping; intrusion detection rule simplification; kernel-level intrusion detection method; Inspection; Intrusion detection; Packet switching; Switches;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Communication Technology, 2005, ICACT 2005. The 7th International Conference on
Conference_Location
Phoenix Park
Type
conf
DOI
10.1109/ICACT.2005.245838
Filename
1461781