Network Traffic Classification for Intrusion Detection - Inria - Institut national de recherche en sciences et technologies du numérique
Report (Research Report) Year: 2004

Network Traffic Classification for Intrusion Detection

Abstract

Enterprises today are looking for efficient security devices, such as Intrusion Detection Systems (IDS), to supplement firewall supervision. Nevertheless, IDS are plagued by several problems that slow down their development: high-speed traffic and the increasing number of attack detection rules. In this paper we discuss new proposals to solve these problems. Our first contribution is a new classification algorithm that splits the traffic using security policies and IDS characteristics. The proposed method can also be applied to quickly verify the detection rules. However, memory consumption may grow as the number of these rules increases. Therefore, as our second contribution, we propose an efficient method to match the detection rules. The main idea is to organize the rules properly. This enables us to restrict the verification domain to only some ranges by taking advantage of the similarities and differences between the different parts of the detection rules.

Domains

Other [cs.OH]
Main file
RR-5230.pdf (265.03 KB)

Dates and versions

inria-00070766, version 1 (19-05-2006)

Identifiers

  • HAL Id: inria-00070766, version 1

Cite

Tarek Abbes, Michaël Rusinowitch, Alakesh Haloi. Network Traffic Classification for Intrusion Detection. [Research Report] RR-5230, INRIA. 2004, pp.20. ⟨inria-00070766⟩