Journal articles

On the Fly Pattern Matching For Intrusion Detection with Snort

Tarek Abbes 1 Adel Bouhoula Michaël Rusinowitch 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Intrusion Detection Systems are important tools that help system administrators protect their networks. However, they face increasing difficulty keeping up with high-speed networks. To enhance their capacity and deal with the evasion techniques frequently used by hackers, we have introduced a new method to filter network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We adopted this strategy after establishing a new classification of detection rules. We then used efficient multi-search methods and a suitable data structure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort". || Intrusion detection systems have become indispensable for administrators to protect their networks. However, these tools have shortcomings when it comes to handling high throughput and performing a precise analysis of packet contents. Nous p
Document type :
Journal articles

https://hal.inria.fr/inria-00100005
Contributor : Publications Loria
Submitted on : Tuesday, September 26, 2006 - 10:13:18 AM
Last modification on : Friday, January 15, 2021 - 3:24:33 AM

Identifiers

  • HAL Id : inria-00100005, version 1

Citation

Tarek Abbes, Adel Bouhoula, Michaël Rusinowitch. On the Fly Pattern Matching For Intrusion Detection with Snort. Annals of Telecommunications - annales des télécommunications, Springer, 2004, 59 (9-10), pp.941--967. ⟨inria-00100005⟩
