direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Inhalt des Dokuments

Es gibt keine deutsche Übersetzung dieser Webseite.

Publications by Type: Conference and Workshop Publications

see also conference papers, workshop papers, demos, and posters. (under construction)

Exploiting Independent State For Network Intrusion Detection
Zitatschlüssel SP-EISNID-05
Autor Sommer, Robin and Paxson, Vern
Buchtitel Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC '05)
Seiten 59–71
Jahr 2005
ISBN 0-7695-2461-3
DOI http://dx.doi.org/10.1109/CSAC.2005.24
Adresse Washington, DC, USA
Verlag IEEE Computer Society
Zusammenfassung Network intrusion detection systems (NIDSs) critically rely on processing a great deal of state. Often much of this state resides solely in the volatile processor memory accessible to a single user-level process on a single machine. In this work, we highlight the power of independent state, i.e., internal fine-grained state that can be propagated from one instance of a NIDS to others running either concurrently or subsequently. Independent state provides us with a wealth of possible applications that hold promise for enhancing the capabilities of NIDSs. We discuss an implementation of independent state for the Bro NIDS and examine how we can then leverage independent state for distributed processing, load parallelization, selective preservation of state across restarts and crashes, dynamic reconfiguration, high level policy maintenance, and support for profiling and debugging. We have experimented with each of these applications in several large environments and are now working to integrate them into the sites' operational monitoring. A performance evaluation shows that our implementation is suitable for use even in large scale environments
Link zur Publikation Download Bibtex Eintrag

Zusatzinformationen / Extras

Direktzugang:

Schnellnavigation zur Seite über Nummerneingabe

Under Construction

This page/section is
still under construc-
tion. Please try again
later.