Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection
Research output: Journal Publications and Reviews (RGC: 21, 22, 62) › 21_Publication in refereed journal › peer-review
Detail(s)
| Field | Value |
|---|---|
| Original language | English |
| Pages (from-to) | 83-92 |
| Journal / Publication | Journal of Network and Computer Applications |
| Volume | 39 |
| Issue number | 1 |
| Online published | 24 May 2013 |
| Publication status | Published - Mar 2014 |
Abstract
Network intrusion detection systems (NIDS) are widely deployed in various network environments. Compared to an anomaly-based NIDS, a signature-based NIDS is more popular in real-world applications, because of its relatively lower false alarm rate. However, the process of signature matching is a key limiting factor to impede the performance of a signature-based NIDS, in which the cost is at least linear to the size of an input string and the CPU occupancy rate can reach more than 80% in the worst case. In this paper, we develop an adaptive blacklist-based packet filter using a statistic-based approach aiming to improve the performance of a signature-based NIDS. The filter employs a blacklist technique to help filter out network packets based on IP confidence and the statistic-based approach allows the blacklist generation in an adaptive way, that is, the blacklist can be updated periodically. In the evaluation, we give a detailed analysis of how to select weight values in the statistic-based approach, and investigate the performance of the packet filter with a DARPA dataset, a real dataset and in a real network environment. Our evaluation results under various scenarios show that our proposed packet filter is encouraging and effective to reduce the burden of a signature-based NIDS without affecting network security. © 2013 Elsevier Ltd.
Research Area(s)
- Adaptive system, Blacklist generation, Network intrusion detection, Packet filter, Signature matching
Citation Format(s)
Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection. / Meng, Yuxin; Kwok, Lam-For.
In: Journal of Network and Computer Applications, Vol. 39, No. 1, 03.2014, p. 83-92.