Highly available, fault-tolerant, parallel dataflows
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Operational experiences with high-volume network intrusion detection
Proceedings of the 11th ACM conference on Computer and communications security
SPANIDS: a scalable network intrusion detection loadbalancer
Proceedings of the 2nd conference on Computing frontiers
Architectural impact of stateful networking applications
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
An Active Splitter Architecture for Intrusion Detection and Prevention
IEEE Transactions on Dependable and Secure Computing
Profiling over Adaptive Ranges
Proceedings of the International Symposium on Code Generation and Optimization
Protomatching network traffic for high throughput network intrusion detection
Proceedings of the 13th ACM conference on Computer and communications security
A taxonomy of parallel techniques for intrusion detection
ACM-SE 45 Proceedings of the 45th annual southeast regional conference
Ourmon and network monitoring performance
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Detecting targeted attacks using shadow honeypots
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
Network anomaly detection with incomplete audit data
Computer Networks: The International Journal of Computer and Telecommunications Networking
Proceedings of the 14th ACM conference on Computer and communications security
Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Detection workload in a dynamic grid-based intrusion detection environment
Journal of Parallel and Distributed Computing
Formulating and implementing profiling over adaptive ranges
ACM Transactions on Architecture and Code Optimization (TACO)
Hierarchical multi-pattern matching algorithm for network content inspection
Information Sciences: an International Journal
Gnort: High Performance Network Intrusion Detection Using Graphics Processors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Correlation-based load balancing for network intrusion detection and prevention systems
Proceedings of the 4th international conference on Security and privacy in communication networks
MultiLayer processing - an execution model for parallel stateful packet processing
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Optimization of NIDS Placement for Protection of Intercommunicating Critical Infrastructures
EuroISI '08 Proceedings of the 1st European Conference on Intelligence and Security Informatics
A Parallel Architecture for Stateful, High-Speed Intrusion Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Session management architecture for implementing an FPGA-based stateful intrusion detection system
ACS'08 Proceedings of the 8th conference on Applied computer science
ACS'08 Proceedings of the 8th conference on Applied computer science
Performance Improvement by Means of Collaboration between Network Intrusion Detection Systems
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Integrating real-time analysis with the dendritic cell algorithm through segmentation
Proceedings of the 11th Annual conference on Genetic and evolutionary computation
OpenLIDS: a lightweight intrusion detection system for wireless mesh networks
Proceedings of the 15th annual international conference on Mobile computing and networking
A scalable multi-core aware software architecture for high-performance network monitoring
Proceedings of the 2nd international conference on Security of information and networks
How to keep your head above water while detecting errors
Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware
Stateful error detection in high throughput applications
Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware
Multi-byte Regular Expression Matching with Speculation
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Intrusion Detection Based on Back-Propagation Neural Network and Feature Selection Mechanism
FGIT '09 Proceedings of the 1st International Conference on Future Generation Information Technology
Future Generation Computer Systems
Proceedings of the Third European Workshop on System Security
Performance adaptation in real-time intrusion detection systems
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Workload characterization of stateful networking applications
ISHPC'05/ALPS'06 Proceedings of the 6th international symposium on high-performance computing and 1st international conference on Advanced low power systems
How to keep your head above water while detecting errors
Middleware'09 Proceedings of the ACM/IFIP/USENIX 10th international conference on Middleware
Scalable NIDS via negative pattern matching and exclusive pattern matching
INFOCOM'10 Proceedings of the 29th conference on Information communications
A fuzzy-based dynamic provision approach for virtualized network intrusion detection systems
AST/UCMA/ISA/ACN'10 Proceedings of the 2010 international conference on Advances in computer science and information technology
NIDS architecture for clusters
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Network-wide deployment of intrusion detection and prevention systems
Proceedings of the 6th International COnference
On distributed intrusion detection systems design for high speed networks
ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
A distributed neural network learning algorithm for network intrusion detection system
ICONIP'06 Proceedings of the 13th international conference on Neural information processing - Volume Part III
ACM Transactions on Modeling and Computer Simulation (TOMACS)
MIDeA: a multi-parallel intrusion detection architecture
Proceedings of the 18th ACM conference on Computer and communications security
Survey and taxonomy of feature selection algorithms in intrusion detection system
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
A high-performance and scalable multi-core aware software solution for network monitoring
The Journal of Supercomputing
Fuzzy optimization for security sensors deployment in collaborative intrusion detection system
FSKD'06 Proceedings of the Third international conference on Fuzzy Systems and Knowledge Discovery
Parallel optimization technology for backbone network intrusion detection system
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Building lightweight intrusion detection system based on random forest
ISNN'06 Proceedings of the Third international conference on Advances in Neural Networks - Volume Part III
Design and implementation of FPGA based high-performance intrusion detection system
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
FPGA based intrusion detection system against unknown and known attacks
PRIMA'06 Proceedings of the 9th Pacific Rim international conference on Agent Computing and Multi-Agent Systems
Improving the performance of signature-based network intrusion detection sensors by multi-threading
WISA'04 Proceedings of the 5th international conference on Information Security Applications
FPL-3: towards language support for distributed packet processing
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Fusions of GA and SVM for anomaly detection in intrusion detection system
ISNN'05 Proceedings of the Second international conference on Advances in Neural Networks - Volume Part III
WIND: workload-aware INtrusion detection
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Intrusion Detection: Towards scalable intrusion detection
Network Security
Tolerating overload attacks against packet capturing systems
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Kargus: a highly-scalable software-based intrusion detection system
Proceedings of the 2012 ACM conference on Computer and communications security
Quantitative intrusion intensity assessment for intrusion detection systems
Security and Communication Networks
ATPS: adaptive threat prevention system for high-performance intrusion detection and response
APNOMS'07 Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and services
As networks become faster there is an emerging need for security analysis techniques that can keep up with the increased network throughput. Existing network-based intrusion detection sensors can barely keep up with bandwidths of a few hundred Mbps. Analysis tools that can deal with higher throughput are unable to maintain state between different steps of an attack or they are limited to the analysis of packet headers. We propose a partitioning approach to network security analysis that supports in-depth, stateful intrusion detection on high-speed links. The approach is centered around a "slicing" mechanism that divides the overall network traffic into subsets of manageable size. The traffic partitioning is done so that a single slice contains all the evidence necessary to detect a specific attack, making sensor-to-sensor interactions unnecessary. This paper describes the approach and presents a first experimental evaluation of its effectiveness.