Fast Multipattern Matching for Intrusion Detection

Tarek Abbes ¹, Michaël Rusinowitch ¹
¹ CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Misuse intrusion detection (IDS) detects signatures of attack scenarios. Hackers try to avoid detection by permuting actions, and inserting, hiding or overlapping packets. Stateful detection thus becomes essential to suitably supervise network traffic. We propose in this paper a new approach for analysing the network traffic. The inspection, while being stateful, processes each packet as soon as it is received. We have used this strategy with appropriate multi-search methods and adequate data structures for signatures.
Document type:
Conference paper
Urs E. Gattiker. 13th Annual Conference on European Institute for Computer Anti-virus Research - EICAR'2004, May 2004, Luxemburg, Luxembourg, 22 p, 2004

https://hal.inria.fr/inria-00100007
Contributor: Publications Loria
Submitted on: Tuesday, 26 September 2006 - 10:13:18
Last modified on: Friday, 6 July 2018 - 15:06:09

Identifiers

  • HAL Id: inria-00100007, version 1

Citation

Tarek Abbes, Michaël Rusinowitch. Fast Multipattern Matching for Intrusion Detection. Urs E. Gattiker. 13th Annual Conference on European Institute for Computer Anti-virus Research - EICAR'2004, May 2004, Luxemburg, Luxembourg, 22 p, 2004. 〈inria-00100007〉
