Sciweavers

ACSAC
2005
IEEE

Exploiting Independent State For Network Intrusion Detection

13 years 9 months ago
Exploiting Independent State For Network Intrusion Detection
Network intrusion detection systems (NIDSs) critically rely on processing a great deal of state. Often much of this state resides solely in the volatile processor memory accessible to a single user-level process on a single machine. In this work we highlight the power of independent state, i.e., internal fine-grained state that can be propagated from one instance of a NIDS to others running either concurrently or subsequently. Independent state provides us with a wealth of possible applications that hold promise for enhancing the capabilities of NIDSs. We discuss an implementation of independent state for the Bro NIDS and examine how we can then leverage independent state for distributed processing, load parallelization, selective preservation of state across restarts and crashes, dynamic reconfiguration, high-level policy maintenance, and support for profiling and debugging. We have experimented with each of these applications in several large environments and are now working to i...
Robin Sommer, Vern Paxson
Added 24 Jun 2010
Updated 24 Jun 2010
Type Conference
Year 2005
Where ACSAC
Authors Robin Sommer, Vern Paxson
Comments (0)