A high-performance network intrusion detection system
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
VDE: Virtual Distributed Ethernet
TRIDENTCOM '05 Proceedings of the First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities
Exploiting Independent State For Network Intrusion Detection
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
An Active Splitter Architecture for Intrusion Detection and Prevention
IEEE Transactions on Dependable and Secure Computing
Co-ordinated port scans: a model, a detector and an evaluation methodology
Co-ordinated port scans: a model, a detector and an evaluation methodology
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Elections in a Distributed Computing System
IEEE Transactions on Computers
Validity of the single processor approach to achieving large scale computing capabilities
AFIPS '67 (Spring) Proceedings of the April 18-20, 1967, spring joint computer conference
The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A Memory-Efficient Parallel String Matching Architecture for High-Speed Intrusion Detection
IEEE Journal on Selected Areas in Communications
Network-wide deployment of intrusion detection and prevention systems
Proceedings of the 6th International COnference
Modeling a distributed intrusion detection system using collaborative building blocks
ACM SIGSOFT Software Engineering Notes
MIDeA: a multi-parallel intrusion detection architecture
Proceedings of the 18th ACM conference on Computer and communications security
Wild-Inspired Intrusion Detection System Framework for High Speed Networks f|p IDS Framework
International Journal of Information Security and Privacy
Hi-index | 0.00 |
The increase in bandwidth over processing power has made stateful intrusion detection for high-speed networks more difficult, and, in certain cases, impossible. The problem of real-time stateful intrusion detection in high-speed networks cannot easily be solved by optimizing the packet matching algorithm utilized by a centralized process or by using custom-developed hardware. Instead, there is a need for a parallel approach that is able to decompose the problem into subproblems of manageable size. We present a novel parallel matching algorithm for the signature-based detection of network attacks. The algorithm is able to perform stateful signature matching and has been implemented only using off-the-shelf components. Our initial experiments confirm that, by making the rule matching process parallel, it is possible to achieve a scalable implementation of a stateful, network-based intrusion detection system.