In addition to preventive mechanisms, intrusion detection systems (IDS) are an important instrument for protecting computer systems. Most IDSs in use today follow the misuse detection approach: they analyze monitored events for occurrences of defined patterns (signatures) that indicate security violations. Up to now, little attention has been paid to the analysis efficiency of these systems; in particular, little work on performance optimization has been done for systems that are able to detect complex, multi-step attacks. This paper discusses the analysis techniques of IDSs used today and introduces several optimizing strategies that exploit structural properties of signatures to increase analysis efficiency. A prototypical implementation has been used to evaluate these strategies experimentally and to compare them with currently deployed misuse detection techniques. Measurements showed that significant performance improvements can be gained by using the proposed optimizing strategies. The effect of each optimization strategy on analysis efficiency is discussed in detail.