Network traffic analysis optimization for signature-based intrusion detection systems
In this paper we propose a method for signature matching optimization in the field of intrusion detection and prevention. Signature matching algorithm performance is one of the key factors in the overall quality of an IDS/IPS, especially in high-speed networks. The optimization method proposed in this paper relies on the semantics of the signature matching task, typical of systems such as Snort. The method minimizes the number of patterns called by the detection system for each network packet, reducing the packet's processing time.