High Performance Intrusion Detection using Traffic Classification

Tarek Abbes 1 Alakesh Haloi 1 Michaël Rusinowitch 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies, INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: The crucial problem of the ever-increasing high traffic encountered by an IDS can be tackled by classifying the network traffic and distributing the analysis among several IDSes, ensuring faster detection. Besides, each IDS, equipped with only the required functionalities, can provide sharper analysis of the traffic. We propose in this paper a new classification algorithm that constructs a Directed Acyclic Graph (DAG) to split the traffic using security policies and IDS characteristics. The method divides the different classification rule features into several bytes and sorts them by considering explicit values before masked ones, thereby reducing overlaps between rules and ensuring a smaller DAG and an easier way to classify packets at runtime.
Document type:
Conference paper
International Conference on Advances in Intelligent Systems - Theory and Applications - AISTA 2004, 2004, Luxembourg, 2004

https://hal.inria.fr/inria-00100008
Contributor: Publications Loria
Submitted on: Tuesday, September 26, 2006 - 10:13:20
Last modified on: Thursday, January 11, 2018 - 06:20:00

Identifiers

  • HAL Id: inria-00100008, version 1

Citation

Tarek Abbes, Alakesh Haloi, Michaël Rusinowitch. High Performance Intrusion Detection using Traffic Classification. International Conference on Advances in Intelligent Systems - Theory and Applications - AISTA 2004, 2004, Luxembourg, 2004. 〈inria-00100008〉
