High Performance Intrusion Detection Using HTTP-Based Payload Aggregation

机译：使用基于HTTP的有效负载聚合的高性能入侵检测

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Signature-based Network Intrusion Detection Systems (NIDS) are an integral part of modern network security solutions. They help to detect and prevent network attacks and intrusions. However, they show critical performance problems in today's high speed networks. Filters have been proposed to reduce the amount of traffic to be analyzed by a NIDS, yet, such filters need to be very carefully designed in order not to miss relevant data. We address this problem by proposing a novel concept for filtering taking into account the pipelining architecture of modern web traffic. Our concept, which we named HTTP-based Payload Aggregation (HPA), is able to retain the first N bytes of the basic Protocol Data Unit (PDU) of an application layer protocol and discard the rest, arguing that the retained payload portion contains almost all relevant data for intrusion detection. We demonstrate the feasibility of our approach focusing on HTTP traffic as the most prominent protocol in many Internet applications. The idea is, thus, to capture the first N bytes of every pipelined session and forward this data to a NIDS. In our evaluation, we show that for the used traces we still detect more than 97% of the events with only 2.5% of the network traffic to be analyzed. We achieve an increase in packet throughput of up to 44 in our experiments.

机译：基于签名的网络入侵检测系统（NIDS）是现代网络安全解决方案不可或缺的一部分。它们有助于检测和预防网络攻击和入侵。但是，它们在当今的高速网络中显示出严重的性能问题。已经提出了过滤器以减少NIDS要分析的业务量，但是，这种过滤器需要非常仔细地设计以免丢失相关数据。我们提出了一种新颖的过滤概念，同时考虑了现代Web流量的流水线架构，从而解决了这个问题。我们的概念（我们称为基于HTTP的有效负载聚合（HPA））能够保留应用程序层协议的基本协议数据单元（PDU）的前N个字节，并丢弃其余的字节，理由是保留的有效负载部分几乎包含了所有有关入侵检测的数据。我们证明了将HTTP流量作为许多Internet应用程序中最重要的协议的方法的可行性。因此，该想法是捕获每个流水线会话的前N个字节，并将此数据转发到NIDS。在我们的评估中，我们表明，对于使用的跟踪，我们仍然可以检测到97％以上的事件，而仅需分析2.5％的网络流量。在我们的实验中，我们将数据包吞吐率提高了44％。

著录项

来源
《IEEE Conference on Local Computer Networks》|2017年|418-425|共8页
会议地点
作者
Felix Erlacher; Falko Dressler;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Protocols; Payloads; Intrusion detection; Internet; Pipeline processing; Filtering; Pattern matching;

机译：协议;有效载荷;入侵检测;互联网;管道处理;过滤;模式匹配;

相似文献

外文文献
中文文献
专利

1. RePIDS: A multi tier Real-time Payload-based Intrusion Detection System [J] . Aruna Jamdagni, Zhiyuan Tan, Xiangjian He, Computer networks . 2013,第3期

机译：RePIDS：基于多层实时有效负载的入侵检测系统
2. Concealed Data Aggregation with Dynamic Intrusion Detection System to Remove Vulnerabilities in Wireless Sensor Networks [J] . Bharat Bhushan, Keshav Kaushik, G Sahoo Computer Science & Information Technology . 2016,第9期

机译：隐藏数据聚合与动态入侵检测系统，以消除无线传感器网络中的漏洞
3. TRUST AWARE DATA AGGREGATION AND INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORKS [J] . P. Raghu Vamsi, Krishna Kant International Journal on Smart Sensing and Intelligent Systems . 2016,第2期

机译：无线传感器网络的信任感知数据集成和入侵检测系统
4. High Performance Intrusion Detection Using HTTP-Based Payload Aggregation [C] . Felix Erlacher, Falko Dressler IEEE Conference on Local Computer Networks . 2017

机译：使用基于HTTP的有效载荷聚合的高性能入侵检测
5. Anomaly-based intrusion detection using lightweight stateless payload inspection. [D] . Nwanze, Nnamdi Chike. 2009

机译：使用轻量级无状态有效载荷检查的基于异常的入侵检测。
6. Improving the Performance of Machine Learning-Based Network Intrusion Detection Systems on the UNSW-NB15 Dataset [O] . Soulaiman Moualla, Khaldoun Khorzom, Assef Jafar 2021

机译：在UNSW-NB15数据集上提高基于机器学习的网络入侵检测系统的性能
7. Improving the Performance of Intrusion Detection using Dialog-based Payload Aggregation [O] . Tobias Limmer, Falko Dressler 2015

机译：使用基于对话框的有效载荷聚合提高入侵检测的性能

High Performance Intrusion Detection Using HTTP-Based Payload Aggregation

摘要

著录项

相似文献

相关主题

期刊订阅