Rule indexing for efficient intrusion detection systems

Authors:
Boojoong Kang;Hye Seon Kim;Ji Su Yang;Eul Gyu Im
Affiliations:
Department of Electronics and Computer Engineering, Hanyang University, Seoul, Korea;Department of Electronics and Computer Engineering, Hanyang University, Seoul, Korea;Department of Electronics and Computer Engineering, Hanyang University, Seoul, Korea;Division of Computer Science and Engineering, Hanyang University, Seoul, Korea
Venue:
WISA'11 Proceedings of the 12th international conference on Information Security Applications
Year:
2011

Citing 8
Cited 1

Snort 2.0 Intrusion Detection

Snort 2.0 Intrusion Detection
A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture
Fast and scalable pattern matching for content filtering

Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Packet pre-filtering for network intrusion detection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Methodology for Fast Pattern Matching by Deterministic Finite Automaton with Perfect Hashing

DSD '09 Proceedings of the 2009 12th Euromicro Conference on Digital System Design, Architectures, Methods and Tools
The GPU-based String Matching System in Advanced AC Algorithm

CIT '10 Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology

Balanced indexing method for efficient intrusion detection systems

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

As the use of the Internet has increased tremendously, the network traffic involved in malicious activities has also grown significantly. To detect and classify such malicious activities, Snort, the open-sourced network intrusion detection system, is widely used. Snort examines incoming packets with all Snort rules to detect potential malicious packets. Because the portion of malicious packets is usually small, it is not efficient to examine incoming packets with all Snort rules. In this paper, we apply two indexing methods to Snort rules, Prefix Indexing and Random Indexing, to reduce the number of rules to be examined. We also present experimental results with the indexing methods.