TY - GEN
T1 - Adaptive character frequency-based exclusive signature matching scheme in distributed intrusion detection environment
AU - Meng, Yuxin
AU - Li, Wenjuan
PY - 2012
Y1 - 2012
N2 - Currently, signature-based network intrusion detection systems (NIDSs) are being widely deployed in distributed network environment with the purpose of protecting network communications from various attacks. However, signature matching has become a key limiting factor to restrict the performance of a signature-based NIDS in large-scale distributed network environment. The overhead network packets can greatly reduce the effectiveness of such detection systems and heavily consume computer resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme that can be implemented in a signature-based NIDS to help improve the performance of signature matching. In the experiment, we implemented our scheme in a distributed network environment and evaluated the performance of our scheme compared with Snort. The experimental results show that, in our distributed network environment, our scheme can positively reduce the time consumption in the range from 11.2% to 37.6%.
AB - Currently, signature-based network intrusion detection systems (NIDSs) are being widely deployed in distributed network environment with the purpose of protecting network communications from various attacks. However, signature matching has become a key limiting factor to restrict the performance of a signature-based NIDS in large-scale distributed network environment. The overhead network packets can greatly reduce the effectiveness of such detection systems and heavily consume computer resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme that can be implemented in a signature-based NIDS to help improve the performance of signature matching. In the experiment, we implemented our scheme in a distributed network environment and evaluated the performance of our scheme compared with Snort. The experimental results show that, in our distributed network environment, our scheme can positively reduce the time consumption in the range from 11.2% to 37.6%.
KW - Exclusive signature matching
KW - Intrusion detection
KW - Network security and performance
UR - http://www.scopus.com/inward/record.url?scp=84868108180&partnerID=8YFLogxK
U2 - 10.1109/TrustCom.2012.65
DO - 10.1109/TrustCom.2012.65
M3 - Conference article published in proceeding or book
AN - SCOPUS:84868108180
SN - 9780769547459
T3 - Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012
SP - 223
EP - 230
BT - Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012
T2 - 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012
Y2 - 25 June 2012 through 27 June 2012
ER -