
inria-00100008, version 1

High Performance Intrusion Detection using Traffic Classification

Tarek Abbes a1, Alakesh Haloi b1, Michaël Rusinowitch c1

International Conference on Advances in Intelligent Systems - Theory and Applications - AISTA 2004 (2004)

Abstract: The crucial problem of the ever-increasing traffic volume encountered by an IDS can be tackled by classifying the network traffic and distributing the analysis among several IDSes, ensuring faster detection. Besides, each IDS, equipped with only the required functionalities, can provide sharper analysis of the traffic. We propose in this paper a new classification algorithm that constructs a Directed Acyclic Graph (DAG) to split the traffic using security policies and IDS characteristics. The method divides the different classification rule features into several bytes and sorts them by considering explicit values before masked ones, thereby reducing overlaps between rules and ensuring a smaller DAG and an easier way to classify packets at runtime.

  • a –  UNIVERSITE HENRI POINCARE
  • b –  INRIA
  • c –  CNRS
  • 1:  CASSIS (INRIA Lorraine - LORIA / LIFC)
  • INRIA – CNRS : FRE2661 – Université de Franche-Comté – Université Henri Poincaré - Nancy I – Université Nancy II – Institut National Polytechnique de Lorraine (INPL)
  • Domain : Computer Science/Other
  • Keywords : traffic classification – intrusion detection
  • Internal note : A04-R-226 || abbes04e
  • Comment : Conference with proceedings and peer review. International.
 
  • oai:hal.inria.fr:inria-00100008
  • Submitted on: Tuesday, 26 September 2006 10:13:20
  • Updated on: Wednesday, 17 January 2007 14:30:54