Sciweavers

Share
LISA
2008

Fast Packet Classification for Snort by Native Compilation of Rules

12 years 2 days ago
Fast Packet Classification for Snort by Native Compilation of Rules
Signature matching, which includes packet classification and content matching, is the most expensive operation of a signature-based network intrusion detection system (NIDS). In this paper, we present a technique to improve the performance of packet classification of Snort, a popular open-source NIDS, based on generating native code from Snort signatures.1 An obvious way to generate native code for packet classification is to use a low-level language like C to access the contents of a packet by treating it as a sequence of bytes. Generating such low-level code manually can be cumbersome and error prone. Use of a high-level specification language can simplify the task of writing packet classification code. Such a language needs features that minimize the likelihood of common errors as errors in the packet processing code can crash the intrusion detection system, which may leave it open to attacks. To overcome these problems, we use a rule-based specification language with a type system...
Alok Tongaonkar, Sreenaath Vasudevan, R. Sekar
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where LISA
Authors Alok Tongaonkar, Sreenaath Vasudevan, R. Sekar
Comments (0)
books