Sciweavers

CCS
1999
ACM

A High-Performance Network Intrusion Detection System

14 years 4 months ago
A High-Performance Network Intrusion Detection System
In this paper we present a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences. Our specification language is geared for a robust network intrusion detection by enforcing a strict type discipline via a combination of static and dynamic type checking. Unlike most previous approaches in network intrusion detection, our approach can easily support new network protocols as information relating to the protocols are not hard-coded into the system. Instead, we simply add suitable type definitions in the specifications and define intrusion patterns on these types. We compile these specifications into a highperformance network intrusion detection system. Important components of our approach include efficient algorithms for patternmatching and information aggregation on sequences of network packets. In particular, our techniques ensure that the matching time is insensitive to the number of patterns ch...
R. Sekar, Y. Guang, S. Verma, T. Shanbhag
Added 03 Aug 2010
Updated 03 Aug 2010
Type Conference
Year 1999
Where CCS
Authors R. Sekar, Y. Guang, S. Verma, T. Shanbhag
Comments (0)