A high-performance network intrusion detection system

Authors: R. Sekar, Y. Guang, S. Verma, T. Shanbhag

DOI: 10.1145/319709.319712

Keywords:

Abstract: In this paper we present a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal packet sequences. Our specification language is geared towards robustness by enforcing strict type discipline via a combination of static and dynamic checking. Unlike most previous approaches to intrusion detection, ours can easily support new protocols, as information relating to the protocols is not hard-coded into the system. Instead, we simply add suitable type definitions and then define patterns over these types. We compile these specifications into a high-performance intrusion detection system. Important components include efficient algorithms for pattern-matching and aggregation over sequences of packets. In particular, our techniques ensure that matching time is insensitive to the number of patterns characterizing different intrusions, and these operations typically take constant time per packet. Our system participated in an evaluation organized by MIT Lincoln Labs, where it demonstrated its effectiveness (96% detection rate on low-level attacks) and performance (real-time at 500Mbps), while producing very few false positives (0.05 to 0.1 per attack).
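The abstract names three ingredients: typed packet specifications checked both at compile time and at run time, pattern matching whose per-packet cost does not grow with the number of patterns, and aggregation over packet sequences. The following is an added illustration of those ideas in Python; it is not the paper's specification language, compiler or matching algorithm. The field set, the `Pattern` record, the `(proto, dport)` dispatch index and the sample packet trace are all assumptions made for this example. Dispatching on an exact-match index is one simple way to keep matching cost independent of the rule count; the paper's actual algorithms are not reproduced here.

```python
"""Added example: typed packet patterns with indexed matching and windowed aggregation.
Not the paper's language or implementation; field names and rules are constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    ts: float      # capture time in seconds
    proto: str     # "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # TCP flags, e.g. "S", "SA", "F"; "" for non-TCP

# Static type discipline: a pattern may only constrain these fields, with these types.
FIELD_TYPES = {"proto": str, "src": str, "dst": str, "sport": int, "dport": int, "flags": str}
# Patterns that fix both of these fields are dispatched by hash lookup in O(1).
INDEX_KEY = ("proto", "dport")

@dataclass(frozen=True)
class Pattern:
    name: str
    match: dict                    # field -> required value (equality constraints)
    group_by: Optional[str] = None # aggregation key field, e.g. "src"
    threshold: int = 1             # fire when this many matches fall inside the window
    window: float = 0.0            # seconds; 0 means no aggregation, fire per packet

class Matcher:
    def __init__(self, patterns):
        self.exact = defaultdict(list)   # (proto, dport) -> patterns fixing both fields
        self.wild = []                   # patterns that leave an index field unconstrained
        self.hist = defaultdict(deque)   # (pattern name, group key) -> timestamps in window
        for p in patterns:
            self._check_pattern(p)       # static check, done once at "compile" time
            if all(k in p.match for k in INDEX_KEY):
                self.exact[tuple(p.match[k] for k in INDEX_KEY)].append(p)
            else:
                self.wild.append(p)

    @staticmethod
    def _check_pattern(p):
        for field, value in p.match.items():
            if field not in FIELD_TYPES:
                raise TypeError(f"{p.name}: unknown field {field!r}")
            if not isinstance(value, FIELD_TYPES[field]):
                raise TypeError(f"{p.name}: {field} must be {FIELD_TYPES[field].__name__}")
        if p.group_by is not None and p.group_by not in FIELD_TYPES:
            raise TypeError(f"{p.name}: unknown group_by field {p.group_by!r}")

    @staticmethod
    def _check_packet(pkt):
        # Dynamic check: reject malformed decoder output before it reaches any rule.
        for field, typ in FIELD_TYPES.items():
            if not isinstance(getattr(pkt, field), typ):
                raise TypeError(f"packet field {field} is not {typ.__name__}")

    def feed(self, pkt):
        """Process one packet; return the names of patterns that fire on it."""
        self._check_packet(pkt)
        alerts = []
        candidates = list(self.exact.get((pkt.proto, pkt.dport), ())) + self.wild
        for p in candidates:
            if not all(getattr(pkt, f) == v for f, v in p.match.items()):
                continue
            if p.window <= 0:
                alerts.append(p.name)
                continue
            # Aggregation: sliding window of matching timestamps per group key.
            q = self.hist[(p.name, getattr(pkt, p.group_by))]
            q.append(pkt.ts)
            while q and pkt.ts - q[0] > p.window:
                q.popleft()
            if len(q) == p.threshold:        # fire once as the threshold is crossed
                alerts.append(p.name)
        return alerts

# Constructed rule set for the example.
RULES = [
    Pattern("telnet-connect", {"proto": "tcp", "dport": 23, "flags": "S"}),
    Pattern("syn-flood", {"proto": "tcp", "dport": 80, "flags": "S"},
            group_by="src", threshold=5, window=1.0),
    Pattern("icmp-to-broadcast", {"proto": "icmp", "dst": "10.0.0.255"}),  # no dport: wild
]

def demo():
    """Run a constructed trace through the matcher and return alerts in order."""
    m = Matcher(RULES)
    pkts = [Packet(0.1 + 0.1 * i, "tcp", "10.0.0.7", "10.0.0.1", 40000 + i, 80, "S")
            for i in range(6)]                                          # 6 SYNs in 0.5s
    pkts.append(Packet(0.9, "tcp", "10.0.0.9", "10.0.0.1", 5555, 23, "S"))
    pkts.append(Packet(1.0, "icmp", "10.0.0.9", "10.0.0.255", 0, 0, ""))
    pkts.append(Packet(5.0, "tcp", "10.0.0.7", "10.0.0.1", 41000, 80, "S"))  # outside window
    out = []
    for pkt in pkts:
        out.extend(m.feed(pkt))
    return out

if __name__ == "__main__":
    print(demo())
```

The SYN-flood rule fires exactly once, on the fifth SYN inside the one-second window; the sixth SYN and the late one at 5.0s do not re-trigger it. A rule such as `Pattern("bad", {"dport": "80"})` is rejected when the `Matcher` is built, before any packet is seen, which is the static half of the type discipline the abstract describes.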
