A High-Performance Network Intrusion Detection System
Source: Iowa State University
This paper presents a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences. The specification language is geared toward robust network intrusion detection by enforcing a strict type discipline via a combination of static and dynamic type checking. Unlike most previous approaches in network intrusion detection, the authors' approach can easily support new network protocols, as information relating to the protocols is not hard-coded into the system. Instead, suitable type definitions are added to the specifications, and intrusion patterns are defined on these types. These specifications are compiled into a high-performance network intrusion detection system.