Fast Packet Classification for Snort by Native Compilation of Rules

Signature matching, which includes packet classification and content matching, is the most expensive operation of a signature-based network intrusion detection system (NIDS). In this paper, we present a technique to improve the performance of packet classification of Snort, a popular open-source NIDS, based on generating native code from Snort signatures. An obvious way to generate native code for packet classification is to use a low-level language like C to access the contents of a packet by treating it as a sequence of bytes. Generating such low-level code manually can be cumbersome and error-prone. Use of a high-level specification language can simplify the task of writing packet classification code. Such a language needs features that minimize the likelihood of common errors, as errors in the packet processing code can crash the intrusion detection system, which may leave it open to attacks. To overcome these problems, we use a rule-based specification language with a type system...
Alok Tongaonkar, Sreenaath Vasudevan, R. Sekar
Added 02 Oct 2010
Updated 02 Oct 2010
Type: Conference
Year: 2008
Where: LISA
Authors: Alok Tongaonkar, Sreenaath Vasudevan, R. Sekar