Research Article
Traffic-Aware Packet Matching for Intrusion Detection Systems
@INPROCEEDINGS{10.1109/BROADNETS.2007.4550445, author={Atsushi Yoshioka and Min Sik Kim}, title={Traffic-Aware Packet Matching for Intrusion Detection Systems}, proceedings={4th International IEEE Conference on Broadband Communications, Networks, Systems}, publisher={IEEE}, proceedings_a={BROADNETS}, year={2010}, month={5}, keywords={}, doi={10.1109/BROADNETS.2007.4550445} }
- Atsushi Yoshioka
- Min Sik Kim
Year: 2010
Traffic-Aware Packet Matching for Intrusion Detection Systems
BROADNETS
IEEE
DOI: 10.1109/BROADNETS.2007.4550445
Abstract
Intrusion detection systems spend the majority of CPU time on matching packets against rules. Hence, fast identification of matches is crucial. Previous approaches may result in poor performance under certain traffic conditions because they either do not respond to the traffic pattern or require setup time to reorganize rules whenever the traffic pattern changes. We propose a two-stage packet matching scheme to reduce matching time with little overhead. The first stage applies a small number of the most frequently matched rules. Only a fraction of packets are passed to the second stage, where processing takes longer. Rules in the first stage are constantly updated as their match frequencies change.
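As an added illustration, not code from the paper, here is a minimal version of the two-stage scheme the abstract describes: a small hot set of the most frequently matched rules is tried first, misses fall through to the full rule set, and the hot set is re-ranked as match counts change. The rule set, the packet layout and the first-match policy (a packet matched in stage one is not sent to stage two) are assumptions made for this example.

```python
from collections import Counter

# Constructed rule set: (name, predicate). Predicates stand in for an
# IDS's header/content checks; they are not real Snort/Suricata rules.
RULES = [
    ("icmp-echo",      lambda p: p["proto"] == "icmp"),
    ("ssh-banner",     lambda p: p["dport"] == 22 and p["payload"].startswith(b"SSH-")),
    ("http-traversal", lambda p: p["dport"] == 80 and b"../" in p["payload"]),
    ("dns-long-label", lambda p: p["dport"] == 53 and len(p["payload"]) > 255),
]

class TwoStageMatcher:
    """Stage one checks only the `hot_size` most frequently matched rules;
    packets that miss there fall through to the full rule set (stage two).
    The hot set is re-ranked after every match (an assumed update policy)."""
    def __init__(self, rules, hot_size=2):
        self.rules = list(rules)
        self.by_name = dict(rules)
        self.hot_size = hot_size
        self.counts = Counter({name: 0 for name, _ in rules})
        self.hot = [name for name, _ in rules[:hot_size]]  # initial guess
        self.packets = 0          # total packets seen
        self.stage2_packets = 0   # packets that needed the slow path

    def _record(self, name):
        self.counts[name] += 1
        # "Constantly updated": promote/demote rules by observed frequency.
        self.hot = [n for n, _ in self.counts.most_common(self.hot_size)]
        return name

    def match(self, packet):
        """Return the first matching rule name, or None if no rule matches."""
        self.packets += 1
        for name in self.hot:                        # stage 1: hot rules only
            if self.by_name[name](packet):
                return self._record(name)
        self.stage2_packets += 1                     # stage 2: remaining rules
        for name, pred in self.rules:
            if name not in self.hot and pred(packet):
                return self._record(name)
        return None

def run_demo():
    """Constructed traffic: one SSH probe, a burst of traversal attempts, some TLS."""
    ssh = {"proto": "tcp", "dport": 22, "payload": b"SSH-2.0-client"}
    web = {"proto": "tcp", "dport": 80, "payload": b"GET /../../etc/passwd"}
    tls = {"proto": "tcp", "dport": 443, "payload": b"\x16\x03\x01"}
    m = TwoStageMatcher(RULES)
    for pkt in [ssh] + [web] * 20 + [tls] * 5:
        m.match(pkt)
    return m
```

On the constructed stream only the first traversal packet and the five unmatched TLS packets reach stage two; once the traversal rule has been promoted, the remaining nineteen are resolved by the hot set.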
Copyright © 2007–2024 IEEE