Foschini, 2007 - Google Patents
A formalization and analysis of high-speed stateful signature matching for intrusion detectionFoschini, 2007
View PDF- Document ID
- 6018648832794739115
- Author
- Foschini L
- Publication year
External Links
Snippet
The increase in bandwidth over processing power has made stateful intrusion detection for high-speed networks more difficult, and, in certain cases, impossible. The problem of realtime stateful intrusion detection in high-speed networks cannot be solved by optimizing …
- 238000001514 detection method 0 title abstract description 173
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11831420B2 (en) | Network application firewall | |
| Gu et al. | Bothunter: Detecting malware infection through ids-driven dialog correlation. | |
| Kumar | Survey of current network intrusion detection techniques | |
| US7979368B2 (en) | Systems and methods for processing data flows | |
| US8010469B2 (en) | Systems and methods for processing data flows | |
| US9525696B2 (en) | Systems and methods for processing data flows | |
| US9800608B2 (en) | Processing data flows with a data flow processor | |
| US20110238855A1 (en) | Processing data flows with a data flow processor | |
| US20110231564A1 (en) | Processing data flows with a data flow processor | |
| US20110219035A1 (en) | Database security via data flow processing | |
| US20110213869A1 (en) | Processing data flows with a data flow processor | |
| US20110214157A1 (en) | Securing a network with data flow processing | |
| US20080229415A1 (en) | Systems and methods for processing data flows | |
| Li et al. | Network-based and attack-resilient length signature generation for zero-day polymorphic worms | |
| Ahmed et al. | A Systematic Literature Review on Cyber Attack Detection in Software-Define Networking (SDN) | |
| Zaraska | Prelude IDS: current state and development perspectives | |
| Greco et al. | Advanced widespread behavioral probes against lateral movements | |
| Drakos | Implement a security policy and identify Advance persistent threats (APT) with ZEEK anomaly detection mechanism | |
| Foschini | A formalization and analysis of high-speed stateful signature matching for intrusion detection | |
| Kruegel | Network alertness: towards an adaptive, collaborating intrusion detection system | |
| Cui | Automating malware detection by inferring intent | |
| Waraich | Automated attack signature generation: A survey | |
| Patil et al. | Snort, BRO, NetSTAT, Emerald and SAX2: A Comparison. | |
| Toprak | Intrusion detection system alert correlation with operating system level logs | |
| Zafar et al. | Network security: a survey of modern approaches |