By Topic

Adaptive context-aware packet filter scheme using statistic-based blacklist generation in network intrusion detection

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Yuxin Meng ; Computer Science Department, City University of Hong Kong, Hong Kong, China ; Lam-for Kwok

By using string matching, signature-based network intrusion detection systems (NIDSs) can achieve a higher accuracy and lower false alarm rate than the anomaly-based systems. But the matching process is very expensive regarding to the performance of a signature-based NIDS in which the cost is at least linear to the size of the input string and the CPU occupancy rate can reach more than 80 percent in the worst case. This problem greatly limits the high performance of a signature-based NIDS in a large operational network. In this paper, we present a context-aware packet filter scheme aiming to mitigate this problem. In particular, our scheme incorporates a list technique, namely the blacklist to help filter network packets based on the confidence of the IP domains. Moreover, our scheme will adapt and update the blacklist contents by using the method of statistic-based blacklist generation according to the actual network environment. In the experiment, we implemented our scheme and showed the first experimental evaluation of its effectiveness.

Published in:

Information Assurance and Security (IAS), 2011 7th International Conference on

Date of Conference:

5-8 Dec. 2011