Reducing Payload Inspection Cost Using Rule Classification for Fast Attack Signature Matching
Abstract
Network intrusion detection systems rely on a signature-based detection engine. When under attack or during heavy traffic, the detection engine needs to decide quickly whether a packet or a sequence of packets is normal or malicious. However, if packets carry a heavy payload or the system has a large number of attack patterns, the high cost of payload inspection severely diminishes detection performance. It is therefore better to avoid unnecessary payload scans by checking the protocol fields in the packet header before executing the heavy operation of payload inspection. When payload inspection is necessary, it is better to compare against a minimum number of attack patterns. In this paper, we propose new methods to classify attack signatures and build pre-computed multi-pattern groups. Based on IDS rule analysis, we grouped the signatures of attack rules by a multi-dimensional classification method adapted to a simplified address flow. The proposed methods reduce unnecessary payload scans and keep the pattern groups to be checked light. While performance improvements depend on the given networking environment, the experimental results with the DARPA data set and university traffic show that the proposed methods outperform the most recent Snort by up to 33%.