Adaptive blacklist-based packet filter with a statistic-based approach in network intrusion detection

Journal of Network and Computer Applications

Volumn 39, Issue 1, 2014, Pages 83-92

  Meng, Yuxin ^a   Kwok, Lam For ^a  

^a CITY UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

Adaptive system; Blacklist generation; Network intrusion detection; Packet filter; Signature matching

Indexed keywords

ANOMALY-BASED NIDS; BLACKLIST GENERATION; EVALUATION RESULTS; NETWORK ENVIRONMENTS; NETWORK INTRUSION DETECTION; NETWORK INTRUSION DETECTION SYSTEMS; PACKET FILTERS; SIGNATURE-MATCHING;

ADAPTIVE SYSTEMS; COMPUTER APPLICATIONS; COMPUTER NETWORKS;

INTRUSION DETECTION;

EID: 84893779151     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2013.05.009     Document Type: Article

References (45)

1. A.V. Aho, and M.J. Corasick Fast pattern matching an aid to bibliographic search Communications of the ACM 18 1975 333 340
2. A.G. Alagu Priya, and H. Lim Hierarchical packet classification using a bloom filter and rule-priority tries Computer Communications 33 10 2010 1215 1226
3. T. Auld, A.W. Moore, and S.F. Gull Bayesian neural networks for internet traffic classification IEEE Transactions on Neural Networks 18 1 2007 223 239 (Pubitemid 46062929)
4. Axelsson S. The base-rate fallacy and its implications for the difficulty of intrusion detection. In: Proceedings of the 6th ACM conference on computer and communications security (CCS); 1999. p. 1-7. (Pubitemid 32213894)
5. S. Axelsson The base-rate fallacy and the difficulty of intrusion detection ACM Transactions on Information and System Security 3 3 2000 186 205
6. R.S. Boyer, and J.S. Moore A fast string searching algorithm Communications of the ACM 20 10 1977 762 772
7. Bremler-Barr, A., Hay, D., Koral, Y., CompactDFA: generic state machine compression for scalable pattern matching. In: Proceedings of the IEEE INFOCOM; 2010. p. 1-9.
8. D. Cantone, S. Faro, and E. Giaquinta On the bit-parallel simulation of the nondeterministic Aho-Corasick and suffix automata for a set of patterns Journal of Discrete Algorithms 11 1 2012 25 36
9. Y.-H. Choi, M.-Y. Jung, and S.-W. Seo A fast pattern matching algorithm with multi-byte search unit for high-speed network security Computer Communications 34 14 2011 1750 1763
10. Commentz-Walter B. String matching algorithm fast on the average. In: Proceedings of the 6th international colloquium on automata, languages, and programming; 1979. p. 118-32.
11. DARPA Intrusion Detection Evaluation Data Set, 1999. 〈 http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999data. html âŒ.
12. Dietrich CJ, Rossow C. Empirical research on IP blacklisting. In: Proceedings of the 5th conference on email and anti-spam (CEAS); 2008. p. 1-8.
13. Dreger H, Feldmann A, Paxson V, Sommer R. Operational experiences with high-volume network intrusion detection. In: Proceedings of the 11th ACM conference on computer and communications security; 2004. p. 2-11. (Pubitemid 40338184)
14. Ďurian B, Peltola H, Salmela L, Tarhio J. Bit-parallel search algorithms for long patterns. In: Proceedings of the 9th international conference on experimental algorithms (SEA); 2010. p. 129-40.
15. M. Faezipour, and M. Nourani Wire-speed TCAM-based architectures for multimatch packet classification IEEE Transactions on Computers 58 1 2009 5 17
16. Fisk M, Varghese G. An analysis of fast string matching applied to content-based forwarding and intrusion detection. Technical Report CS2001-0670, University of California, San Diego; 2002.
17. R. Horspool Practical fast searching in strings Software Practice and Experience 1980 501 506
18. Hua N, Song H, Lakshman TV. Variable-stride multi-pattern matching for scalable deep packet inspection. In: Proceedings of the IEEE INFOCOM; 2009. p. 415-23.
19. Jung J, Sit E. An empirical study of spam traffic and the use of DNS black lists. In: Proceedings of the 4th ACM SIGCOMM conference on internet measurement (IMC); 2004. p. 370-5.
20. Kim K, Kim Y. A fast multiple string pattern matching algorithm. In: Proceedings of 17th AoM/IAoM conference on computer science; August 1999. p. 1-6.
21. H.-J. Kim, H.-S. Kim, and S. Kang A memory-efficient bit-split parallel string matching using pattern dividing for intrusion detection systems IEEE Transactions on Parallel and Distributed Systems 22 11 2011 1904 1911
22. H. Lim, S. Lee Jr., and E.E. Swartzlander A new hierarchical packet classification algorithm Computer Networks 56 13 2012 3010 3022
23. Mcafee Threat Report: Second Quarter 2012. 〈 http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2012.pdf âŒ.
24. McHugh J. Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory. ACM Transactions on Information System Security 2000: 262-94.
25. Meng Y, Kwok L-F. Adaptive context-aware packet filter scheme using statistic-based blacklist generation in network intrusion detection. In: Proceedings of the 7th international conference on information assurance and security (IAS); 2011. p. 74-9.
26. N.B. Neji, and A. Bouhoula A prefix-based approach for managing hybrid specifications in complex packet filtering Computer Networks 56 13 2012 3055 3064
27. Oro D, Luna J, Felguera T, Vilanova M, Serna J. Benchmarking IP blacklists for financial botnet detection. In: Proceedings of the 6th international conference on information assurance and security (IAS); 2010. p. 62-7.
28. D. Pao, and X. Wang Multi-stride string searching for high-speed content inspection The Computer Journal 55 10 2012 1216 1231
29. V. Paxson Bro: a system for detecting network intruders in real-time Computer Networks 31 23-24 1999 2435 2463
30. R. Perdisci, I. Corona, and G. Giacinto Early detection of malicious flux networks via large-scale passive DNS traffic analysis IEEE Transactions on Dependable and Secure Computing 9 5 2012 714 726
31. R.L. Rivest On the worst-case behavior of string-searching algorithms SIAM Journal on Computing 1977 669 674
32. Roesch M. Snort: lightweight intrusion detection for networks. In: Proceedings of the usenix lisa conference; 1999, p. 229-38.
33. Scarfone K, Mell P. Guide to intrusion detection and prevention systems (IDPS). NIST Special Publication 800-94; February 2007.
34. Snort 〈 http://www.snort.org/ âŒ.
35. Soldo F, Defrawy KE, Markopoulou A, Krishnamurthy B, van der Merwe J. Filtering sources of unwanted traffic. In: Proceedings of the 2008 information theory and applications workshop; 2008. p. 199-208.
36. Sommer R, Paxson V. Outside the closed world: on using machine learning for network intrusion detection. In: Proceedings of the IEEE symposium on security and privacy; 2010. p. 305-16.
37. Song H, Lockwood JW. Efficient packet classification for network intrusion detection using fpga. In: Proceedings of the ACM/SIGDA international symposium on field programmable gate arrays; February 2005. p. 238-45. (Pubitemid 40787613)
38. H. Song, and J.S. Turner Toward advocacy-free evaluation of packet classification algorithms IEEE Transactions on Computers 60 5 2011 723 733
39. Sourdis I, Dimopoulos V, Pnevmatikatos D, Vassiliadis S. Packet pre-filtering for network intrusion detection. In: Proceedings of the ACM/IEEE symposium on architectures for networking and communications systems (ANCS); 2006. p. 183-92. (Pubitemid 47209686)
40. L. Vespa, N. Weng, and R. Ramaswamy MS-DFA multiple-stride pattern matching for scalable deep packet inspection The Computer Journal 54 2 2011 285 303
41. P.C. Wang Scalable packet classification with controlled cross-producting Computer Networks 53 6 2009 821 834
42. West AG, Lee I. Towards the effective temporal association mining of spam blacklists. In: Proceedings of the 8th annual collaboration, electronic messaging, anti-abuse and spam conference (CEAS); 2011. p. 73-82.
43. West AG, Aviv AJ, Chang J, Lee I. Spam mitigation using spatiooral reputations from blacklist history. In: Proceedings of the 26th annual computer security applications conference (ACSAC); 2010. p. 161-70.
44. Wireshark Homepage 〈 http://www.wireshark.org/ âŒ.
45. Wu S, Manber U. A fast algorithm for multi-pattern searching. Technical Report TR-94-17, Department of Computer Science, University of Arizona; May 1994.