NetFlow: information loss or win?
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Decentralized Event Correlation for Intrusion Detection
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
SPANIDS: a scalable network intrusion detection loadbalancer
Proceedings of the 2nd conference on Computing frontiers
Gnort: High Performance Network Intrusion Detection Using Graphics Processors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Improving NFA-based signature matching using ordered binary decision diagrams
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Hi-index | 0.00 |
Intrusion Detection Systems (IDS) have proven as valuable measure to cope reactively with attacks in the Internet. The growing complexity of IT-systems, however, increases rapidly the audit data volumes and the size of the signature bases. This forces IDS to drop audit data in high load situations thus offering attackers chances to act undetected. To tackle this issue we propose an efficient and adaptive analysis approach for multi-step signatures that is based on a dynamic distribution of analyses. We propose different optimization strategies for an efficient analysis distribution. The strengths and weaknesses of each strategy are evaluated based on a prototype implementation.