As the use of the Internet has increased tremendously, the network traffic involved in malicious activities has also grown significantly. To detect and classify such malicious activities, Snort, the open-sourced network intrusion detection system, is widely used. Snort examines incoming packets with all Snort rules to detect potential malicious packets. Because the portion of malicious packets is usually small, it is not efficient to examine incoming packets with all Snort rules. In this paper, we apply two indexing methods to Snort rules, Prefix Indexing and Random Indexing, to reduce the number of rules to be examined. We also present experimental results with the indexing methods. © 2012 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Kang, B., Kim, H. S., Yang, J. S., & Im, E. G. (2012). Rule indexing for efficient intrusion detection systems. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7115 LNCS, pp. 136–141). https://doi.org/10.1007/978-3-642-27890-7_11
Mendeley helps you to discover research relevant for your work.