Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Malware detection system by payload analysis of network traffic (poster abstract)
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Hi-index | 0.00 |
When optimizing our NIDS APAP [1] we started focusing our efforts on ensuring that it would work on real-time network traffic. This effort, was penalized by the excessive cost of storage of various data structures needed to meet its goals satisfactorily. APAP is based on Anagram [2] and initially worked with small size N-gram. This allowed us to detect more attacks at the expense of a higher rate of false positives. But when we wanted to test the results obtained with larger N-gram sizes, we found that the cost of storage of the Bloom filter structures that we generated to analyze the payload of the traffic was too large.