On the Fly Pattern Matching For Intrusion Detection with Snort
Identifieur interne : 006B43 ( Main/Merge ); précédent : 006B42; suivant : 006B44On the Fly Pattern Matching For Intrusion Detection with Snort
Auteurs : Tarek Abbes ; Adel Bouhoula ; Michael RusinowitchSource :
- Annales de Telecommunications ; 2004.
English descriptors
- KwdEn :
Abstract
Intrusion Detection Systems are important tools for system administrators to protect their network. However they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We have employed this strategy after a new classification of detection rules. Then, we have used efficient multisearch methods and suitable datastructure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort".
Links toward previous steps (curation, corpus...)
- to stream Crin, to step Corpus: 003F09
- to stream Crin, to step Curation: 003F09
- to stream Crin, to step Checkpoint: 000668
Links to Exploration step
CRIN:abbes04aLe document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" wicri:score="496">On the Fly Pattern Matching For Intrusion Detection with Snort</title></titleStmt><publicationStmt><idno type="RBID">CRIN:abbes04a</idno><date when="2004" year="2004">2004</date><idno type="wicri:Area/Crin/Corpus">003F09</idno><idno type="wicri:Area/Crin/Curation">003F09</idno><idno type="wicri:explorRef" wicri:stream="Crin" wicri:step="Curation">003F09</idno><idno type="wicri:Area/Crin/Checkpoint">000668</idno><idno type="wicri:explorRef" wicri:stream="Crin" wicri:step="Checkpoint">000668</idno><idno type="wicri:Area/Main/Merge">006B43</idno></publicationStmt><sourceDesc><biblStruct><analytic><title xml:lang="en">On the Fly Pattern Matching For Intrusion Detection with Snort</title><author><name sortKey="Abbes, Tarek" sort="Abbes, Tarek" uniqKey="Abbes T" first="Tarek" last="Abbes">Tarek Abbes</name></author><author><name sortKey="Bouhoula, Adel" sort="Bouhoula, Adel" uniqKey="Bouhoula A" first="Adel" last="Bouhoula">Adel Bouhoula</name></author><author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name></author></analytic><series><title level="j">Annales de Telecommunications</title><imprint><date when="2004" type="published">2004</date></imprint></series></biblStruct></sourceDesc></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>evasion</term><term>intrusion detection</term><term>pattern matching</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en" wicri:score="1145">Intrusion Detection Systems are important tools for system administrators to protect their network. However they find more and more difficulties with high speed networks. To enhance their capacity and deal with evasion techniques, frequently used by hackers, we have introduced a new method to filter the network traffic. The detection method, while being stateful, processes each packet as soon as it is received. We have employed this strategy after a new classification of detection rules. Then, we have used efficient multisearch methods and suitable datastructure for signatures. The method has been successfully implemented as an extension of the Intrusion Detection System "Snort".</div></front></TEI></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Merge
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 006B43 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Merge/biblio.hfd -nk 006B43 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= Main
|étape= Merge
|type= RBID
|clé= CRIN:abbes04a
|texte= On the Fly Pattern Matching For Intrusion Detection with Snort
}}
| This area was generated with Dilib version V0.6.33. |  |