DocumentCode :
397031
Title :
A general purpose application layer IDS
Author :
LIU, Shishi ; Sun, Jizhou ; Zhao, Xiaoling ; Wei, Zunce
Author_Institution :
Sch. of Electron. Inf. Eng., Tianjin Univ., China
Volume :
2
fYear :
2003
fDate :
4-7 May 2003
Firstpage :
927
Abstract :
This article concentrates on the design and implementation of a general purpose application layer IDS (intrusion detection system). Unlike traditional IDSs based on the network layer, this system can rebuild TCP sessions and deal with different kinds of intrusions on the application layer. The whole process can be described briefly as follows: the system reassembles the IP packets captured by the sniffers, rebuilds the TCP sessions, and provides a plug-in mechanism to process the data of different application layer protocols. Since the number of IP packets sniffed is very large, they are divided into different parts and sent to multiple machines, where the packets are processed in parallel so that the system attains good performance, scalability, and stability. We have run some tests on this system in a typical network environment, and the results obtained show that the system is well designed.
Keywords :
IP networks; telecommunication security; transport protocols; IP packet; LIBPCAP; TCP session; Transport Control Protocol; application layer protocol; general purpose application layer IDS; intrusion detection system; plug-in mechanism; sniffer; Access protocols; Databases; Design engineering; Intrusion detection; Linux; Mode matching methods; Scalability; Stability; System testing; TCPIP;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Electrical and Computer Engineering, 2003. IEEE CCECE 2003. Canadian Conference on
ISSN :
0840-7789
Print_ISBN :
0-7803-7781-8
Type :
conf
DOI :
10.1109/CCECE.2003.1226046
Filename :
1226046