DocumentCode :
566755
Title :
Optimization methods of GIDS packet classification using dynamic traffic characteristic
Author :
Zhuo, Ning ; Zhi-xin, Sun ; Jian-zhen, Xu
Author_Institution :
Sch. of Internet of Things, Nanjing Univ. of Posts & Telecommun., Nanjing, China
Volume :
1
fYear :
2012
fDate :
26-28 June 2012
Firstpage :
170
Lastpage :
174
Abstract :
Traditional packet classification algorithms in Giga bit Intrusion Detection Systems (GIDS) always focus on the static characteristics of the signatures and ignore the traffic characteristics entirely. In this paper we argue that the efficiency of the classification algorithm depends on how current traffic visits the tree: the more evenly the classification tree partitions the traffic, the more efficient it is. Optimization methods using dynamic traffic characteristics are therefore explored. Our contributions are threefold. Firstly, a novel best classification tree is formally defined, aiming to minimize the visit cost of the traffic in the slot, and the optimization methods are built on this definition. Secondly, Packet Feature Entropy is proposed to measure how efficiently a packet field can partition the traffic, and the 14 popular packet fields used in Snort are investigated in detail using a 10 Gbps backbone trace and Netflow data. Finally, adaptive updating strategies are discussed by analyzing the experimental results.
Keywords :
optimisation; pattern classification; security of data; telecommunication traffic; trees (mathematics); GIDS packet classification; Netflow data; Snort; adaptive updating strategy; backbone trace; classification tree; dynamic traffic characteristic; giga bit intrusion detection system; optimization methods; packet feature entropy; packet field; static characteristic; traditional packet classification algorithms; Classification algorithms; Current measurement; Entropy; Optimization; Protocols; GIDS; Heavy Hitters; Packet Feature Entropy; Traffic Characteristic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Science and Digital Content Technology (ICIDT), 2012 8th International Conference on
Conference_Location :
Jeju
Print_ISBN :
978-1-4673-1288-2
Type :
conf
Filename :
6269250
Link To Document :