It is well known that Intrusion Detection Systems (IDS) do not scale well to Gigabit links. Unlike other solutions that try to increase IDS performance through a distributed architecture, we develop a novel sampling method, IDSampling, whose sampling rate adapts to memory bottleneck consumption and which analyzes the characteristics of attack traffic in order to capture as many attack packets as possible. IDSampling applies a single sampling strategy based on four traffic feature entropies when a large-scale traffic anomaly occurs and, by default, another, complicated strategy guided by feedback from the subsequent detection results. Experimental results show that IDSampling helps an IDS remain effective even when it is overloaded. Compared with two other notable sampling methods, packet sampling and random flow sampling, IDSampling outperforms them greatly, especially at low sampling rates.