Sciweavers

ANCS
2006
ACM

Packet pre-filtering for network intrusion detection

14 years 4 months ago
Packet pre-filtering for network intrusion detection
As Intrusion Detection Systems (IDS) utilize more complex syntax to efficiently describe complex attacks, their processing requirements increase rapidly. Hardware and, even more, software platforms face difficulties in keeping up with the computationally intensive IDS tasks, and face overheads that can substantially diminish performance. In this paper we introduce a packet pre-filtering approach as a means to resolve, or at least alleviate, the increasing needs of current and future intrusion detection systems. We observe that it is very rare for a single incoming packet to fully or partially match more than a few tens of IDS rules. We capitalize on this observation selecting a small portion from each IDS rule to be matched in the pre-filtering step. The result of this partial match is a small subset of rules that are candidates for a full match. Given this pruned set of rules that can apply to a packet, a second-stage, fullmatch engine can sustain higher throughput. We use DefCon tra...
Ioannis Sourdis, Vassilis Dimopoulos, Dionisios N.
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where ANCS
Authors Ioannis Sourdis, Vassilis Dimopoulos, Dionisios N. Pnevmatikatos, Stamatis Vassiliadis
Comments (0)