Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
ACM Transactions on Information and System Security (TISSEC)
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
NetSTAT: A Network-Based Intrusion Detection Approach
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Detecting Anomalous and Unknown Intrusions Against Programs
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Operational experiences with high-volume network intrusion detection
Proceedings of the 11th ACM conference on Computer and communications security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Annulling SYN Flooding Attacks with Whitelist
AINAW '08 Proceedings of the 22nd International Conference on Advanced Information Networking and Applications - Workshops
IEEE/ACM Transactions on Networking (TON)
Using whitelisting to mitigate DDoS attacks on critical internet sites
IEEE Communications Magazine
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
WOWMOM '10 Proceedings of the 2010 IEEE International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM)
FAUST: efficient, TTP-free abuse prevention by anonymous whitelisting
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
Measurement and evaluation of a real world deployment of a challenge-response spam filter
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)
| Hi-index | 0.00 |
Signature-based network intrusion detection systems (NIDSs) have become an essential part in current network security infrastructure to identify different kinds of network attacks. However, signature matching is a big suffering problem for these systems in which the cost of the signature matching is at least linear to the size of an input string. To mitigate this issue, we have developed a context-aware packet filter by means of the blacklist technique to filter out network packets for a signature-based NIDS and achieved good results. But the effect of the whitelist technique has not been explored in our previous work. In this paper, we therefore aim to develop a list-based packet filter by combining the whitelist technique with the blacklist-based packet filter under some specific conditions, and investigate the effect of the whitelist on packet filtration. To protect both the blacklist and the whitelist, we employ an IP verification mechanism to defend against IP spoofing attack. We implemented the list-based packet filter in a network environment and evaluated it with two distinct datasets, the experimental results show that by deploying with the IP verification mechanism, the whitelist technique can improve the packet filtration without lowering network security.