Reducing Payload Inspection Cost Using Rule Classification for Fast Attack Signature Matching
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Sunghyun | - |
dc.contributor.author | Lee, Heejo | - |
dc.date.accessioned | 2021-09-08T12:48:54Z | - |
dc.date.available | 2021-09-08T12:48:54Z | - |
dc.date.created | 2021-06-11 | - |
dc.date.issued | 2009-10 | - |
dc.identifier.issn | 0916-8532 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/119162 | - |
dc.description.abstract | Network intrusion detection systems rely on a signature-based detection engine. When under attack or during heavy traffic, the detection engine needs to decide quickly whether a packet or a sequence of packets is normal or malicious. However, if packets carry a heavy payload or the system holds a great many attack patterns, the high cost of payload inspection severely diminishes detection performance. It would therefore be better to avoid unnecessary payload scans by checking the protocol fields in the packet header before executing the heavy operations of payload inspection. When payload inspection is necessary, it is better to compare a minimum number of attack patterns. In this paper, we propose new methods to classify attack signatures and make pre-computed multi-pattern groups. Based on IDS rule analysis, we grouped the signatures of attack rules by a multi-dimensional classification method adapted to a simplified address flow. The proposed methods reduce unnecessary payload scans and produce light pattern groups to be checked. While performance improvements depend on the given networking environment, the experimental results with the DARPA data set and university traffic show that the proposed methods outperform the most recent Snort by up to 33%. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG | - |
dc.subject | INTRUSION DETECTION | - |
dc.title | Reducing Payload Inspection Cost Using Rule Classification for Fast Attack Signature Matching | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Heejo | - |
dc.identifier.doi | 10.1587/transinf.E92.D.1971 | - |
dc.identifier.scopusid | 2-s2.0-77950202394 | - |
dc.identifier.wosid | 000272394700018 | - |
dc.identifier.bibliographicCitation | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, v.E92D, no.10, pp.1971 - 1978 | - |
dc.relation.isPartOf | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.title | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.volume | E92D | - |
dc.citation.number | 10 | - |
dc.citation.startPage | 1971 | - |
dc.citation.endPage | 1978 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Software Engineering | - |
dc.subject.keywordPlus | INTRUSION DETECTION | - |
dc.subject.keywordAuthor | intrusion detection system | - |
dc.subject.keywordAuthor | signature matching | - |
dc.subject.keywordAuthor | rule classification | - |
dc.subject.keywordAuthor | pattern matching | - |