Paper Title:
Study of High-Speed Processing for Network Intrusion Detection System
  Abstract

With the flourishing development of network applications, network security and information security have become a growing concern for computer users. This paper focuses on detection speed, which is so far one of the most challenging problems in network intrusion detection. In practice, a double-array hash-space method is applied to solve the problem of the large hash space; the hash function is selected, according to the features of data packets and of attack strings, for its high speed and efficiency; and detection speed is improved by decreasing the number of detection passes over each network packet, applying characteristic strings of the same length together with their corresponding patterns.

There are many methods to achieve network security, and intrusion detection technology is a very effective mechanism [1]. It is a technology that can detect an attack in progress or an attack happening inside a computer system. At present, several different pattern-matching algorithms are used to detect attacks in packet payloads. No matter what optimization is made, none of them can get rid of one weakness: each pattern that indicates an attack characteristic must be matched item by item [2-5]. The packet to be inspected therefore has to be scanned many times, and the number of scans equals the number of patterns; meanwhile, the detection system must also establish and manage a heuristic function for each attack pattern and adjust the order in which the attack patterns are checked, so the system carries a rather heavy burden and detection efficiency is hard to improve. This is the fundamental cause of the low efficiency of packet payload detection [6]. Is it possible to design a detection algorithm that builds its heuristic function from the perspective of the whole attack pattern base and detects all the attack patterns at the same time?

This article uses a hashing method to address this problem, and finds that attacks that may be present can be found with several scans of the packet. In addition, the network intrusion detection rule base is what a network IDS detection engine that uses pattern-matching detection relies on; it is the standard against which captured packets are checked. Snort is a network-based intrusion detection system. Its description method is simple, easy to implement, and can describe most intrusion activities. Therefore, this article adopts the intrusion activity description method of the Snort intrusion detection system, and introduces the Snort rule base as its own rule base, as the foundation for the design and demonstration of the hashing detection scheme.

  Info
Periodical: Advanced Materials Research (Volumes 129-131)
Edited by: Xie Yi and Li Mi
Pages: 1410-1414
DOI: 10.4028/www.scientific.net/AMR.129-131.1410
Citation: H. Liu, "Study of High-Speed Processing for Network Intrusion Detection System", Advanced Materials Research, Vols. 129-131, pp. 1410-1414, 2010
Online since: August 2010