TCP/IP illustrated (vol. 1): the protocols
TCP/IP illustrated (vol. 1): the protocols
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Stateful Intrusion Detection for High-Speed Networks
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Wild-Inspired Intrusion Detection System Framework for High Speed Networks f|p IDS Framework
International Journal of Information Security and Privacy
Hi-index | 0.00 |
Network intrusion detection systems often rely on matching patterns that are gleaned from known attacks. While this method is reliable and rarely produces false alarms, it has the obvious disadvantage that it cannot detect novel attacks. Accordingly, an alternative approach which can be a combination with pattern matching approach is needed. We have made effort to design and implement high speed protocol anomaly and signature based intrusion detection approach to detect known and unknown attacks. This approach extracts a set of service fields from the application payload where many attacks occur and analyzes the value of fields to verify attack. This approach is implemented on the FPGA (Xilinx Virtex II pro) device to process packet at gigabit-per-second data rates.