Characterizing sources and remedies for packet loss in network intrusion detection systems

Proceedings of the 2005 IEEE International Symposium on Workload Characterization, IISWC-2005

Volumn 2005, Issue , 2005, Pages 188-196

  Schaelicke, Lambert ^a   Curt Freeland, J ^b  

^a INTEL CORPORATION   (United States)

^b University of Notre Dame   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

GENERAL-PURPOSE WORKSTATIONS; NETWORK INTRUSION DETECTION SYSTEMS (NIDS); PACKET LOSSES; SYSTEM OPTIMIZATIONS;

COMPUTER NETWORKS; COMPUTER WORKSTATIONS; OPEN SYSTEMS; OPTIMIZATION; PACKET SWITCHING; SYSTEMS ANALYSIS;

SECURITY OF DATA;

EID: 33749063636     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IISWC.2005.1526016     Document Type: Conference Paper

References (22)

1. "C User's Guide, Forte Developer 6 Update 2," Sun Microsystems, Inc., Palo Alto, Calif., 2001.
2. P. Druschel and L. Peterson, "Fbufs: A High-Bandwidth Cross-Domain Transfer Facility," Proc. 14th Symp. Operating Systems Principles (SOSP-14), ACm CS Press, New York, N.Y, pp. 189-202, 1993.
3. P. Druschel, L. Peterson, and B. Davie, "Experiences with a High-speed Network Adaptor: A Software Perspective," Proc. ACM SIGCOMM Conf., ACM CS Press, New York, N.Y., pp. 2-13, 1994.
4. A. Gallatin, J. Chase, and K. Yocum, "Trapeze/IP: TCP/IP at Near-Gigabit Speeds," Proc. 1999 Usenix Technical Conference, Usenix Assoc., Berkeley, Calif., 1999, pp. 109-120.
5. J. Haines, R. Lippmann, D. Fried, J. Korba and K. Das, "1999 DARPA Intrusion Detection System Evaluation: Design and Procedures, " tech. report 1062, MIT Lincoln Laboratory, Boston, Mass., 2001.
6. C. Keltcher, K. McGrath, A. Ahmed, and P. Conway, "The AMD Opteron Processor for Multiprocessor Servers," IEEE Micro, IEEE CS Press, Los Alamitos, Calif., vol. 23, no. 2, pp. 66-76, 2003.
7. C. Kruegel and T. Toth, "Using Decision Trees to Improve Signature-based Intrusion Detection," Proc. Sixth Int'l Symp. Recent Advances in Intrusion Detection (RAID), Springer-Verlag, Berlin-Heidelberg-New York, pp. 173-191, 2003.
8. W. Lee and S, Stolfo, "Data Mining Approaches for Intrusion Detection," USENIX Security Symp., Usenix Assoc., Berkeley, Calif., 1998.
9. B. Moore, T. Slabach and L. Schaelicke "Profiling Interrupt Handler Performance through Kernel Instrumentation," Proc. Int'l Conf. Computer Design (ICCD), IEEE CS Press, Los Alamitos, Calif, 2003, pp. 156-163.
10. D. Mutz, G. Vigna, and R.A. Kemmerer, "An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems," Proc. Ann. Comp. Security Applications Conference (ACSAC), pp. 374-383, 2003.
11. V. Paxson, "Bro: A System for Detecting Network Intruders in Real-Time", Computer Networks, vol. 31, no. 23-24, 1999, pp. 2435-2463.
12. T. Ptacek and T. Newsham, "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, " tech. report, Secure Networks, Inc., 1998.
13. N. Puketza, K. Zhang, M. Chung, B. Mukherjee and R. Olsson, "A Methodology for Testing Intrusion Detection Systems," IEEE Trans. Software Engineering, IEEE CS Press, Los Alamitos, Calif., vol. 22", no. 10, 1996, pp. 719-729.
14. M. Ranum, "Experiences Benchmarking Intrusion Detection Systems," whitepaper, Network Flight Recorder.
15. M. Roesch, "Snort: Lightweight Intrusion Detection for Networks", Proc. Usenix LISA '99 Conference, Usenix Society, Berkeley, Calif., 1999.
16. L. Schaelicke, T. Slabach, B. Moore and C. Freeland, "Characterizing the Performance of Network Intrusion Detection Sensors," Proc. Sixth Int'l Symp. Recent Advances in Intrusion Detection (RAID), Springer-Verlag, Berlin-Heidelberg-New York, pp. 155-172, 2003.
17. L. Schaelicke, M. Parker, ML-RSIM Reference Manual, tech. report TR 02-10, Dept. Computer Science Engineering, Univ. of Notre Dame, Notre Dame, In., 2002.
18. P. Shivakumar and N.P. Jouppi, "CACTI 3.0: An Integrated Cache Timing, Power, and Area Model," tech. report 2001-02, Compaq Western Research Laboratory, Palo Alto, Calif., 2001.
19. "Snort 2.0 - Detection Revisited," whitepaper, Sourcefire Network Security Inc., 2002.
20. tcpdump/libpacp, http://www.tcpdump.org.
21. L. McVoy and C. Staelin, "LMBench: Portable Tools for Performance Analysis," Proc. USENIX Annual Technical Conference, Usenix Assoc., Berkeley, Calif., 1996, pp. 279-294.
22. P. Woods, "pcap-mmap, " http://public.lanl.gov/cpw/