Conference papers

High Performance Intrusion Detection using Traffic Classification

Tarek Abbes 1 Alakesh Haloi 1 Michaël Rusinowitch 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : The crucial problem of ever-increasing high traffic encountered by an IDS can be tackled by classifying the network traffic and distributing the analysis among several IDSes, ensuring faster detection. Besides, each IDS equipped with only the required functionalities can provide sharper analysis of the traffic. We propose in this paper a new classification algorithm that constructs a Directed Acyclic Graph (DAG) to split the traffic using security policies and IDS characteristics. The method divides different classification rule features into several bytes and sorts them by considering explicit values before masked ones, thereby reducing overlaps between rules and ensuring a smaller DAG and an easier way to classify packets during runtime.
Document type : Conference papers
Contributor : Publications Loria
Submitted on : Tuesday, September 26, 2006 - 10:13:20 AM
Last modification on : Friday, January 21, 2022 - 3:09:02 AM


  • HAL Id : inria-00100008, version 1


Tarek Abbes, Alakesh Haloi, Michaël Rusinowitch. High Performance Intrusion Detection using Traffic Classification. International Conference on Advances in Intelligent Systems - Theory and Applications - AISTA 2004, 2004, Luxembourg. ⟨inria-00100008⟩


