On the Fly Pattern Matching For Intrusion Detection with Snort

Tarek Abbes; Adel Bouhoula; Michaël Rusinowitch

inria-00100005, version 1

On the Fly Pattern Matching For Intrusion Detection with Snort

Tarek Abbes ()^a^, 1, Adel Bouhoula^b, Michaël Rusinowitch^c^, 1

Annales des Télécommunications 59, 9-10 (2004) 941--967

Résumé : Intrusion Detection Systems are important tools for system administrators to protect their network. However they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We have employed this strategy after a new classification of detection rules. Then, we have used efficient multisearch methods and suitable datastructure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort". || Les systèmes de détection d'intrusions sont devenus indispensables pour les administrateurs afin de protéger leurs réseaux. Cependant, ces outils présentent des lacunes pour traiter le haut débit et mener une analyse précise du contenu des paquets. Nous p

a – UNIVERSITE HENRI POINCARE
b – ECOLE SUPERIEURE DES COMMUNICATIONS DE TUNIS
c – CNRS
1 : CASSIS (INRIA Lorraine - LORIA / LIFC)
INRIA – CNRS : FRE2661 – Université de Franche-Comté – Université Henri Poincaré - Nancy I – Université Nancy II – Institut National Polytechnique de Lorraine (INPL)

inria-00100005, version 1
http://hal.inria.fr/inria-00100005
oai:hal.inria.fr:inria-00100005
Contributeur : Publications Loria <>
Soumis le : Mardi 26 Septembre 2006, 10:13:18
Dernière modification le : Mercredi 17 Janvier 2007, 14:31:33

Voir la fiche détaillée

Exporter

Bibtex EndNote TEI RefWorks

<?xml version="1.0" encoding="UTF-8"?>
<listBibl xmlns="http://www.tei-c.org/ns/1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:mml="http://www.w3.org/1998/Math/MathML">
<listBibl type="article"><head>Articles dans des revues avec comité de lecture</head>
<biblStruct type="article" xml:id="inria-00100005"><analytic>
<author><persName><forename>Tarek</forename><surname>Abbes</surname></persName>
<affiliation>
<orgName type="laboratory">INRIA Lorraine - LORIA / LIFC</orgName>
<orgName type="team">CASSIS</orgName>
<country>FR</country>
<orgName type="institution">INRIA</orgName>
<orgName type="institution">CNRS : FRE2661</orgName>
<orgName type="institution">Université de Franche-Comté</orgName>
<orgName type="institution">Université Henri Poincaré - Nancy I</orgName>
<orgName type="institution">Université Nancy II</orgName>
<orgName type="institution">Institut National Polytechnique de Lorraine (INPL)</orgName>
</affiliation>
</author>
<author><persName><forename>Adel</forename><surname>Bouhoula</surname></persName></author>
<author><persName><forename>Michaël</forename><surname>Rusinowitch</surname></persName>
<affiliation>
<orgName type="laboratory">INRIA Lorraine - LORIA / LIFC</orgName>
<orgName type="team">CASSIS</orgName>
<country>FR</country>
<orgName type="institution">INRIA</orgName>
<orgName type="institution">CNRS : FRE2661</orgName>
<orgName type="institution">Université de Franche-Comté</orgName>
<orgName type="institution">Université Henri Poincaré - Nancy I</orgName>
<orgName type="institution">Université Nancy II</orgName>
<orgName type="institution">Institut National Polytechnique de Lorraine (INPL)</orgName>
</affiliation>
</author>
<title type="main" level="a">On the Fly Pattern Matching For Intrusion Detection with Snort</title></analytic><monogr><title level="j" type="main">Annales des Télécommunications</title><imprint><publisher>none</publisher><biblScope type="publicationDate">2004-00-00</biblScope><biblScope type="vol">59</biblScope><biblScope type="issue">9-10</biblScope><biblScope type="pp">941--967</biblScope></imprint></monogr><idno type="HALid">http://hal.inria.fr/inria-00100005</idno></biblStruct>
</listBibl>
</listBibl>