Towards effective and robust list-based packet filter for signature-based network intrusion detection : an engineering approach
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Detail(s)
| Field | Value |
|---|---|
| Original language | English |
| Pages (from-to) | 204-215 |
| Journal / Publication | HKIE Transactions Hong Kong Institution of Engineers |
| Volume | 24 |
| Issue number | 4 |
| Online published | 26 Dec 2017 |
| Publication status | Published - 2017 |
Abstract
Network intrusion detection systems (NIDSs), which aim to identify various attacks, have become an essential part of current security infrastructure. In particular, signature-based NIDSs are being widely implemented in industry due to their low rate of false alarms. However, the signature matching process is a big challenge for these systems, in which the cost is at least linear in the size of an input string. As a result, overhead packets will be a major issue for practical usage, where the incoming packets exceed the maximum capability of an intrusion detection system (IDS). To mitigate this problem, packet filtration is a promising solution to reduce unwanted traffic. Motivated by this, in this work, a list-based packet filter was designed and an engineering method of combining both blacklist and whitelist techniques was introduced. To further secure such filters against IP spoofing attacks, a lightweight but efficient IP verification mechanism was developed. In the evaluation, a list-based packet filter was deployed in both simulated and real network environments under honest and dishonest scenarios. Experimental results demonstrate that the developed list-based packet filter is effective in traffic filtration as well as workload reduction, and is robust against IP spoofing attacks.
Research Area(s)
- Intrusion detection system, IP verification, list generation, network packet filter, network security and performance
Citation Format(s)
Towards effective and robust list-based packet filter for signature-based network intrusion detection: an engineering approach. / Meng, Weizhi; Li, Wenjuan; Kwok, Lam For.
In: HKIE Transactions Hong Kong Institution of Engineers, Vol. 24, No. 4, 2017, p. 204-215.