TU Berlin

Internet Network Architectures

Robin Sommer's Publications

Exploiting Independent State for Network Intrusion Detection
Citation key: SP-EISNID-04
Author: Sommer, Robin and Paxson, Vern
Year: 2004
Note: No. TUM-I0420; Format: Postscript, gzipped
Institution: Technische Universität München, Fakultät für Informatik
Abstract: Network intrusion detection systems (NIDSs) rely on managing a significant amount of state. Often much of this state resides solely in the volatile processor memory accessible to a single user-level process on a single machine. In this work we develop an architecture that facilitates independent state, i.e., internal fine-grained state that can be propagated from one instance of a NIDS to others running either concurrently or subsequently. Our unified architecture provides us with a wealth of possible applications that hold promise for enhancing the power of a NIDS. We examine how we can leverage independent state for distributed processing, load parallelization, selective preservation of state across restarts and crashes, dynamic reconfiguration, high-level policy maintenance, and support for profiling and debugging. We have experimented with each of these applications in several large environments and are now working to integrate them into the sites' operational monitoring.
Bibtex Type of Publication: Technischer Bericht (Technical report)