On the Fly Pattern Matching For Intrusion Detection with Snort
Internal identifier: 000668 (Crin/Checkpoint); previous: 000667; next: 000669
Authors: Tarek Abbes; Adel Bouhoula; Michael Rusinowitch
Source:
- Annales de Telecommunications ; 2004.
English descriptors
- KwdEn :
Abstract
Intrusion Detection Systems are important tools for system administrators to protect their network. However, they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We have employed this strategy after a new classification of detection rules. Then, we have used efficient multisearch methods and suitable data structure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort".
CRIN:abbes04a
The document in XML format
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" wicri:score="496">On the Fly Pattern Matching For Intrusion Detection with Snort</title>
</titleStmt>
<publicationStmt><idno type="RBID">CRIN:abbes04a</idno>
<date when="2004" year="2004">2004</date>
<idno type="wicri:Area/Crin/Corpus">003F09</idno>
<idno type="wicri:Area/Crin/Curation">003F09</idno>
<idno type="wicri:explorRef" wicri:stream="Crin" wicri:step="Curation">003F09</idno>
<idno type="wicri:Area/Crin/Checkpoint">000668</idno>
<idno type="wicri:explorRef" wicri:stream="Crin" wicri:step="Checkpoint">000668</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en">On the Fly Pattern Matching For Intrusion Detection with Snort</title>
<author><name sortKey="Abbes, Tarek" sort="Abbes, Tarek" uniqKey="Abbes T" first="Tarek" last="Abbes">Tarek Abbes</name>
</author>
<author><name sortKey="Bouhoula, Adel" sort="Bouhoula, Adel" uniqKey="Bouhoula A" first="Adel" last="Bouhoula">Adel Bouhoula</name>
</author>
<author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name>
</author>
</analytic>
<series><title level="j">Annales de Telecommunications</title>
<imprint><date when="2004" type="published">2004</date>
</imprint>
</series>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>evasion</term>
<term>intrusion detection</term>
<term>pattern matching</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en" wicri:score="1145">Intrusion Detection Systems are important tools for system administrators to protect their network. However they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We have employed this strategy after a new classification of detection rules. Then, we have used efficient multisearch methods and suitable datastructure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort".</div>
</front>
</TEI>
<BibTex type="article"><ref>abbes04a</ref>
<crinnumber>A04-R-222</crinnumber>
<category>1</category>
<equipe>CASSIS</equipe>
<author><e>Abbes, Tarek</e>
<e>Bouhoula, Adel</e>
<e>Rusinowitch, Michael</e>
</author>
<title>On the Fly Pattern Matching For Intrusion Detection with Snort</title>
<journal>Annales de Telecommunications</journal>
<year>2004</year>
<volume>59</volume>
<number>9-10</number>
<pages>941--967</pages>
<month>Sep</month>
<keywords><e>intrusion detection</e>
<e>evasion</e>
<e>pattern matching</e>
</keywords>
<abstract>Intrusion Detection Systems are important tools for system administrators to protect their network. However they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We have employed this strategy after a new classification of detection rules. Then, we have used efficient multisearch methods and suitable datastructure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort".</abstract>
</BibTex>
</record>
To manipulate this document under Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Crin/Checkpoint
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000668 | SxmlIndent | more
Or
HfdSelect -h $EXPLOR_AREA/Data/Crin/Checkpoint/biblio.hfd -nk 000668 | SxmlIndent | more
To add a link to this page within the Wicri network
{{Explor lien |wiki= Wicri/Lorraine |area= InforLorV4 |flux= Crin |étape= Checkpoint |type= RBID |clé= CRIN:abbes04a |texte= On the Fly Pattern Matching For Intrusion Detection with Snort }}
This area was generated with Dilib version V0.6.33.