Download now Free registration required
This paper proposed a traffic-based intrusion detection system framework in IPv6/4 environments and a traffic-based intrusion method. Through the establishment of a mathematical model to identify the relationship among detection time, memory usage and classification, one achieved a highly effective detection method which considered both traffic characteristics and rule characteristics. Lastly, the paper implemented it over Snort. The experiment shows using the method that one proposed, reduces greatly the rule set that per packet or event need to be detected, improves the detection efficiency, can be utilized to solve the high package-loss problem of IDS. In the same condition, whether in terms of the detection speed or in the memory usage, the method outperforms Snort. It also proves the validity of the method.
- Format: PDF
- Size: 215.3 KB