TU Berlin

Internet Network Architectures



Marco Canini's Publications

Exploiting Independent State for Network Intrusion Detection
Citation key: SP-EISNID-04
Author: Sommer, Robin and Paxson, Vern
Year: 2004
Note: No. TUM-I0420; Format: Postscript, gzipped
Institution: Technische Universität München, Fakultät für Informatik
Abstract: Network intrusion detection systems (NIDSs) rely on managing a significant amount of state. Often much of this state resides solely in the volatile processor memory accessible to a single user-level process on a single machine. In this work we develop an architecture that facilitates independent state, i.e., internal fine-grained state that can be propagated from one instance of a NIDS to others running either concurrently or subsequently. Our unified architecture provides us with a wealth of possible applications that hold promise for enhancing the power of a NIDS. We examine how we can leverage independent state for distributed processing, load parallelization, selective preservation of state across restarts and crashes, dynamic reconfiguration, high-level policy maintenance, and support for profiling and debugging. We have experimented with each of these applications in several large environments and are now working to integrate them into the sites' operational monitoring.
Publication type: Technical report