A Multimedia Traffic Classification Scheme for Intrusion Detection Systems

Intrusion detection systems (IDS) have become widely used tools for ensuring system and network security. Among many other challenges, contemporary IDS have to cope with increasingly higher bandwidths, which sometimes force them to let some data go by without being checked for possible malicious activity. This paper presents a novel method to improve the performance of IDS based on multimedia traffic classification. In the proposed method, the IDS has additional knowledge about common multimedia file formats and uses this knowledge to perform a more detailed analysis of packets carrying that type of data. If the structure and selected contents of the data are compliant, the corresponding stream is tagged accordingly, and the IDS is spared from further work on that stream. Otherwise, an anomaly is detected and reported. Our experiments using Snort confirm that this additional specialized knowledge results in substantial computational savings, without significant overhead for processing non-multimedia data