Network Traffic Classification for Intrusion Detection

Tarek Abbes (1), Michaël Rusinowitch (1), Alakesh Haloi
(1) CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Enterprises today look for efficient security devices, such as Intrusion Detection Systems (IDS), to supplement firewall supervision. However, IDS face several problems that slow down their deployment: high-speed traffic and the growing number of attack-detection rules. In this paper we discuss new proposals to address these problems. Our first contribution is a new classification algorithm that splits the traffic according to the security policy and the characteristics of the IDS. The same method can also be applied to verify the detection rules quickly. However, memory consumption may grow with the number of rules. Our second contribution is therefore an efficient method for matching the detection rules. The main idea is to organize the rules so that verification is restricted to a few ranges, taking advantage of the similarities and the differences between the different parts of the detection rules.
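The rule-organization idea sketched in the abstract, as an added illustration that is not code from the report or its authors: the report's own classification algorithm and rule structure are not reproduced on this page, so the example shows only the general principle on assumed, constructed data. It uses a hypothetical Snort-like rule set, a hypothetical security policy listing the services the firewall admits (each class feeding its own IDS instance with only the rules that can match that class), and a simple index that groups rules by the header fields they share, so a packet is compared against the content of only those rules whose header already agrees. All sids, rules, ports, policy classes and payloads are constructed for the example.

```python
"""Partitioning IDS rules by shared header fields (added illustration, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    sid: int
    proto: str
    dst_port: Optional[int]   # None means "any destination port"
    content: bytes            # byte string that must appear in the payload
    msg: str


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int
    payload: bytes


# Constructed Snort-like rule set; sids and contents are hypothetical.
RULES: List[Rule] = [
    Rule(1001, "tcp", 80, b"/cgi-bin/", "web cgi probe"),
    Rule(1002, "tcp", 80, b"../..", "web directory traversal"),
    Rule(1003, "tcp", 25, b"VRFY ", "smtp user enumeration"),
    Rule(1004, "tcp", 21, b"SITE EXEC", "ftp SITE EXEC"),
    Rule(1005, "udp", 53, b"\x00\x00\xfc", "dns zone transfer request"),
    Rule(1006, "tcp", None, b"/bin/sh", "shell string on any tcp port"),
]

# Constructed security policy: the services the firewall lets through.
# Each class is meant to be handled by a separate IDS instance.
POLICY: Dict[str, Tuple[str, set]] = {
    "web":  ("tcp", {80, 443}),
    "mail": ("tcp", {25}),
    "dns":  ("udp", {53}),
}


def classify(pkt: Packet) -> str:
    """Assign a packet to the policy class of its service, or 'other'."""
    for name, (proto, ports) in POLICY.items():
        if pkt.proto == proto and pkt.dst_port in ports:
            return name
    return "other"


class RuleIndex:
    """Rules grouped by the header part they share. Only rules whose header
    already agrees with the packet have their content part checked."""

    def __init__(self, rules: List[Rule]) -> None:
        self.exact = defaultdict(list)    # (proto, port) -> rules with that header
        self.anyport = defaultdict(list)  # proto -> rules with dst_port None
        for r in rules:
            if r.dst_port is None:
                self.anyport[r.proto].append(r)
            else:
                self.exact[(r.proto, r.dst_port)].append(r)

    def candidates(self, pkt: Packet) -> List[Rule]:
        return self.exact.get((pkt.proto, pkt.dst_port), []) + self.anyport.get(pkt.proto, [])

    def match(self, pkt: Packet) -> Tuple[List[int], int]:
        """Return (matching sids, number of rules whose content was checked)."""
        cands = self.candidates(pkt)
        return sorted(r.sid for r in cands if r.content in pkt.payload), len(cands)


def match_naive(rules: List[Rule], pkt: Packet) -> Tuple[List[int], int]:
    """Reference matcher: every rule is examined for every packet."""
    hits = sorted(r.sid for r in rules
                  if r.proto == pkt.proto
                  and (r.dst_port is None or r.dst_port == pkt.dst_port)
                  and r.content in pkt.payload)
    return hits, len(rules)


def build_per_class_indexes(rules: List[Rule]) -> Dict[str, RuleIndex]:
    """Split the rule set along the policy classes: the 'web' instance loads only
    rules that can match web traffic (plus any-port rules). Unclassified traffic
    keeps the full set so nothing is silently dropped."""
    per_class = {}
    for name, (proto, ports) in POLICY.items():
        subset = [r for r in rules
                  if r.proto == proto and (r.dst_port is None or r.dst_port in ports)]
        per_class[name] = RuleIndex(subset)
    per_class["other"] = RuleIndex(rules)
    return per_class


def inspect(pkt: Packet, indexes: Dict[str, RuleIndex]) -> Tuple[str, List[int], int]:
    cls = classify(pkt)
    hits, checked = indexes[cls].match(pkt)
    return cls, hits, checked


if __name__ == "__main__":
    indexes = build_per_class_indexes(RULES)
    # Constructed sample traffic.
    for pkt in (Packet("tcp", 80, b"GET /cgi-bin/../../bin/sh HTTP/1.0"),
                Packet("udp", 53, b"\x12\x34\x00\x00\xfc"),
                Packet("tcp", 8080, b"id;/bin/sh")):
        cls, hits, checked = inspect(pkt, indexes)
        _, _, naive_checked = match_naive(RULES, pkt)
        print(f"{pkt.proto}/{pkt.dst_port} -> class={cls} hits={hits} "
              f"checked={checked} (naive checked {naive_checked})")
```

The `checked` counter is the quantity the abstract's second contribution is about: with the index, a web packet reaches the content checks of three rules instead of six, and a DNS packet reaches one. The per-class split is what makes the first contribution pay off, since each IDS instance holds only the rules its traffic class can trigger. A real deployment would also have to index on source/destination addresses, flags and flow state, and would need the "any" dimensions handled for each of those fields, which is exactly where memory grows and where a careful rule organization matters.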
Document type: Report

https://hal.inria.fr/inria-00070766
Contributor: Rapport de Recherche Inria
Submitted on: Friday, May 19, 2006 - 9:34:29 PM
Last modification on: Friday, July 6, 2018 - 3:06:10 PM
Long-term archiving on: Sunday, April 4, 2010 - 9:52:27 PM

Identifiers

  • HAL Id: inria-00070766, version 1

Citation

Tarek Abbes, Michaël Rusinowitch, Alakesh Haloi. Network Traffic Classification for Intrusion Detection. [Research Report] RR-5230, INRIA. 2004, pp.20. ⟨inria-00070766⟩
