| Presentation | 2008-07-25 Improving Resistance to DoS using Attack History in Signature-based Intrusion Detection Systems Ryota MIYAZAWA, Koki ABE, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | We propose a method to reduce processing load for signature matching and IOwait time for log output of signature-based intrusion detection systems (IDSes) against DoS attacks. The method consists of the flowing two ideas: (1) To improve the detection efficiency, holding a history of pairs of signature ID matched with a substring and offset pointing to the substring in attack packets, we perform a prioritized search in the history. (2) To reduce the IOwait time, without issuing a large amount of alerts, we refer to an alert history and cancel the log output events and count the number of detections if the same kind of attacks has been detected within short period. Experimental evaluation using the standard Snort with modifications according to the proposed ideas revealed that processing load of the IDS is reduced by 70% and 40% against a typical DoS attack and multiple kinds of DoS attacks, respectively. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Intrusion detection / signature based / DoS attack / attack history / processing load |
| Paper # | ISEC2008-36 |
| Date of Issue |
| Conference Information | |
| Committee | ISEC |
|---|---|
| Conference Date | 2008/7/17(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Security (ISEC) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Improving Resistance to DoS using Attack History in Signature-based Intrusion Detection Systems |
| Sub Title (in English) | |
| Keyword(1) | Intrusion detection |
| Keyword(2) | signature based |
| Keyword(3) | DoS attack |
| Keyword(4) | attack history |
| Keyword(5) | processing load |
| 1st Author's Name | Ryota MIYAZAWA |
| 1st Author's Affiliation | Department of Computer Science, The University of Electro-Communications() |
| 2nd Author's Name | Koki ABE |
| 2nd Author's Affiliation | Department of Computer Science, The University of Electro-Communications |
| Date | 2008-07-25 |
| Paper # | ISEC2008-36 |
| Volume (vol) | vol.108 |
| Number (no) | 162 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |