A Study on Efficient Signature Matching Techniques for Intrusion Detection Systems
- Title
- 침입 탐지 시스템에서의 효율적인 시그니쳐 검사 방법에 대한 연구
- Other Titles
- A Study on Efficient Signature Matching Techniques for Intrusion Detection Systems
- Author
- 김혜선
- Alternative Author(s)
- Kim, Hye Seon
- Advisor(s)
- 임을규
- Issue Date
- 2012-02
- Publisher
- Hanyang University
- Degree
- Master
- Abstract
- The network traffic for malicious activities on the Internet is increasing steadily and becoming more sophisticated over time. For quick and accurate detection of malicious network traffic, intrusion detection systems such as Snort are used. Although the accuracy of packet inspection might increase by inspecting packet payloads thoroughly, it is hard to achieve fast detection with this method.
In this paper, Growing Prefix Indexing (GPI) is proposed for efficient signature inspection on intrusion detection systems. In GPI, the first few characters of a signature are selected as an index, and signatures that share the same index are grouped together. The maximum number of signatures per index is limited for balanced distribution of signatures.
The packet inspection results with GPI are presented in this paper; they show that the number of strings to be examined can be dramatically reduced with GPI, which also leads to faster packet inspection. Although the experiments were done with Snort signatures, the indexing can also be applied to other signature-based intrusion detection systems.
- URI
- https://repository.hanyang.ac.kr/handle/20.500.11754/137074
- http://hanyang.dcollection.net/common/orgView/200000419467
- Appears in Collections:
- GRADUATE SCHOOL[S](대학원) > ELECTRONICS AND COMPUTER ENGINEERING(전자컴퓨터통신공학과) > Theses (Master)