Literature Database Entry

erlacher2020high-speed


Felix Erlacher and Falko Dressler, "On High-Speed Flow-based Intrusion Detection using Snort-compatible Signatures," IEEE Transactions on Dependable and Secure Computing (TDSC), 2020. (to appear)

Abstract

Signature-based Network Intrusion Detection Systems (NIDS) have become state-of-the-art in modern network security solutions. However, most systems are not designed for modern high-speed network links. In the field of network monitoring, an alternative solution has become the choice for such high-speed networks. Flow-monitoring, typically based on the Internet Protocol Flow Information Export (IPFIX) standard, now goes well beyond collecting statistical information about network connections. Current solutions are even able to include selected parts of the payload in these Flows to be used in conjunction with NIDS. Recently, we extended this concept to application layer HTTP Flows. We now present our improved version of the IPFIX-based Signature-based Intrusion Detection System (FIXIDS). FIXIDS makes use of HTTP intrusion detection signatures from the popular Snort system and applies them to incoming IPFIX-conforming HTTP Flows. Our evaluation shows that FIXIDS can deal with four times higher network data rates without drops compared to Snort, while maintaining the same event detection rate. Furthermore, a substantial part of the data traffic can be outsourced to FIXIDS so that Snort can be relieved of a significant portion of rules and traffic. This increases both the detection rate and the data rate the overall security appliance can handle.

Quick access

Original Version DOI (at publishers web site)
Authors' Version PDF (PDF on this web site)
BibTeX BibTeX

Contact

Felix Erlacher
Falko Dressler

BibTeX reference

@article{erlacher2020high-speed,
    author = {Erlacher, Felix and Dressler, Falko},
    doi = {10.1109/TDSC.2020.2973992},
    note = {to appear},
    title = {{On High-Speed Flow-based Intrusion Detection using Snort-compatible Signatures}},
    journal = {IEEE Transactions on Dependable and Secure Computing (TDSC)},
    issn = {1545-5971},
    publisher = {IEEE},
    year = {2020},
   }
   
   

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.