
Network Traffic Classification for Intrusion Detection

Tarek Abbes (1), Michaël Rusinowitch (1), Alakesh Haloi
(1) CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Nowadays enterprises are looking for efficient security devices, like Intrusion Detection Systems (IDS), to supplement firewall supervision. Nevertheless, IDS are plagued by several problems that slow down their deployment: high-speed traffic and the increasing number of attack detection rules. In this paper we discuss new propositions to solve these problems. Our first contribution consists in defining a new classification algorithm that splits the traffic according to security policies and IDS characteristics. The proposed method can also be applied to quickly verify the detection rules. However, memory consumption may grow with the increasing number of these rules. Therefore, as our second contribution, we propose an efficient method to match the detection rules. The main idea is to properly organize the rules. This enables us to restrict the verification domain to only some ranges by taking advantage of the similarities and the differences between the different parts of the detection rules.
Document type : Research Report
Contributor : Rapport de Recherche Inria
Submitted on : Friday, May 19, 2006 - 9:34:29 PM
Last modification on : Friday, January 21, 2022 - 3:09:04 AM
Long-term archiving on : Sunday, April 4, 2010 - 9:52:27 PM


  • HAL Id : inria-00070766, version 1


Tarek Abbes, Michaël Rusinowitch, Alakesh Haloi. Network Traffic Classification for Intrusion Detection. [Research Report] RR-5230, INRIA. 2004, pp.20. ⟨inria-00070766⟩


