Conference paper, Year: 2004

High Performance Intrusion Detection using Traffic Classification

Abstract

The crucial problem of the ever-increasing traffic volume faced by an IDS can be tackled by classifying the network traffic and distributing the analysis among several IDSes, ensuring faster detection. Moreover, each IDS, equipped with only the required functionality, can provide sharper analysis of the traffic. We propose in this paper a new classification algorithm that constructs a Directed Acyclic Graph (DAG) to split the traffic using security policies and IDS characteristics. The method divides the different classification rule features into several bytes and sorts them by considering explicit values before masked ones, thereby reducing overlaps between rules, which yields a smaller DAG and an easier way to classify packets at runtime.
File not deposited

Dates and versions

inria-00100008 , version 1 (26-09-2006)

Identifiers

  • HAL Id : inria-00100008 , version 1

Cite

Tarek Abbes, Alakesh Haloi, Michaël Rusinowitch. High Performance Intrusion Detection using Traffic Classification. International Conference on Advances in Intelligent Systems - Theory and Applications - AISTA 2004, 2004, Luxembourg. ⟨inria-00100008⟩