On the Fly Pattern Matching For Intrusion Detection with Snort - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Article Dans Une Revue Annals of Telecommunications - annales des télécommunications Année : 2004

On the Fly Pattern Matching For Intrusion Detection with Snort

Résumé

Intrusion Detection Systems are important tools for system administrators to protect their network. However they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We have employed this strategy after a new classification of detection rules. Then, we have used efficient multisearch methods and suitable datastructure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort". || Les systèmes de détection d'intrusions sont devenus indispensables pour les administrateurs afin de protéger leurs réseaux. Cependant, ces outils présentent des lacunes pour traiter le haut débit et mener une analyse précise du contenu des paquets. Nous p

Dates et versions

inria-00100005 , version 1 (26-09-2006)

Identifiants

Citer

Tarek Abbes, Adel Bouhoula, Michaël Rusinowitch. On the Fly Pattern Matching For Intrusion Detection with Snort. Annals of Telecommunications - annales des télécommunications, 2004, 59 (9-10), pp.941--967. ⟨10.1007/BF03179710⟩. ⟨inria-00100005⟩
109 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More