A Traffic Classification Algorithm for Intrusion Detection

Author

Abbes, Tarek ; Bouhoula, Adel ; Rusinowitch, Michaël

Author_Institution

ISECS, Sfax

Volume

1

fYear

2007

fDate

21-23 May 2007

Firstpage

188

Lastpage

193

Abstract

We propose in this paper a new intrusion detection method for supporting high speed traffic. As in firewalls and routers, we rely on packet classification to specialize the task of several network intrusions detection systems (NIDSs). We build several traffic classes regarding the network configuration and the traffic properties. Then we consider the NIDS characteristics to select for each class the suitable intrusion detection method. Our idea offers several advantages such as load balancing, fault tolerance and attack prevention. We express our traffic classification method by means of traffic division rules. Then we adequately construct the paths of these rules to reduce the overlapping cases. We transform the rule paths in a prefix trie that we complete by failure links to finally get a directed acyclic graph (DAG). We believe that our classification method is useful for other problems such as firewalling, routing and billing.

Keywords

directed graphs; security of data; telecommunication security; telecommunication traffic; directed acyclic graph; network intrusions detection system; packet classification; traffic classification algorithm; traffic division rule; Acceleration; Classification algorithms; Engines; Inspection; Intrusion detection; Load management; Routing; Runtime; Telecommunication traffic; Transport protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on

Conference_Location

Niagara Falls, Ont.

Print_ISBN

978-0-7695-2847-2

Type

conf

DOI

10.1109/AINAW.2007.62

Filename

4221058