Computers & Security
Volume 24, Issue 4, June 2005, Pages 287-294
 
 
doi:10.1016/j.cose.2004.07.005
Copyright © 2004 Elsevier Ltd All rights reserved.

Real-time intrusion detection for high-speed networks

Wenbao Jiang (corresponding author), Hua Song and Yiqi Dai

Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China

Received 10 February 2004; revised 13 July 2004; accepted 29 July 2004. Available online 17 November 2004.


Abstract

Network-based intrusion detection systems (NIDSs) frequently have trouble handling heavy traffic loads in real time, which results in packet loss and false negatives. This paper presents a high-performance network intrusion detection system, called HPMonitor, which combines a high-efficiency detection engine and a load-balancing device to address these problems. The paper describes HPMonitor's system architecture, discusses a flow-based dynamic load-balancing algorithm called the dynamic least load first (DLLF) algorithm, and introduces a new multi-pattern string matching algorithm called the shift max algorithm (SMA). The test results reveal that the DLLF algorithm is an effective balancing algorithm for NIDS. The experimental results also show that SMA is faster than other algorithms when searching large sets of patterns, and that its performance is little affected as the number of patterns increases.

Keywords: Network security; Intrusion detection; High-speed network; Load balancing; Multi-pattern string matching algorithm

Article Outline

Introduction
Related works
System architecture
Dynamic load-balancing algorithm
Load function model
Evaluation
Multi-pattern string matching algorithm
Constructing automaton
Searching algorithm
Evaluation
Conclusions
Side bar
Introduction to E. Ukkonen's paper
References
Vitae




