EUROSEC 2010, ACM

Improving the accuracy of network intrusion detection systems under load using selective packet discarding

Under heavy traffic load or sudden traffic bursts, the peak processing throughput of a network intrusion detection system (NIDS) may not be sufficient to inspect all monitored traffic, and the packet capturing subsystem inevitably drops excess arriving packets before delivering them to the NIDS. This impairs the detection ability of the system and leads to missed attacks. In this work we present selective packet discarding, a best-effort approach that enables the NIDS to anticipate overload conditions and minimize their impact on attack detection. Instead of letting the packet capturing subsystem randomly drop arriving packets, the NIDS proactively discards the packets that are least likely to affect its detection accuracy, and focuses on the traffic at the early stages of each network flow. We present the design of selective packet discarding and its implementation in the Snort NIDS. Our experiments show that selective packet discarding significantly improves the detectio...
Added: 17 May 2010
Updated: 17 May 2010
Type: Conference
Year: 2010
Where: EUROSEC
Authors: Antonis Papadogiannakis, Michalis Polychronakis, Evangelos P. Markatos