A categorical survey of state-of-the-art intrusion detection system-&lt;i&gt;Snort&lt;/i&gt;

Gupta, Alka; Sharma, Lalit Sen

doi:10.1504/ijics.2020.109481

Cited by 7 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SnortFlow implements countermeasures against attacks through a network reconfiguration. However, the proposal is limited only to the Xen hypervisor virtualization platform, and the Snort [Gupta and Sharma (2020)] agent installed in each management domain (Dom 0) can overload Xen Dom 0. Dom 0 overhead can become a bottleneck, degrading the network performance of all Virtual Machines (VMs) hosted on the same physical server.…”

Section: Related Workmentioning

confidence: 99%

A Network Function Virtualization Architecture for Automatic and Efficient Detection and Mitigation against Web Application Malware

Mauricio

Rubinstein

2023

JISA

View full text Add to dashboard Cite

This paper proposes and implements a Network Function Virtualization (NFV) security architecture to provide automatic and efficient detection and mitigation against Web application malware. The mitigation is given by dynamically chaining a Virtual Security Function (VSF) to the data stream to block malicious exploitation traffic without affecting the benign traffic. We implement an NFV Security Controller (NFV-SC) that interacts with an Intrusion Detection System and a Web Application Firewall (WAF), both implemented as VSFs. We also implement a vulnerability scanner and a mechanism to automatically create rules in advance in the WAF-VSF when a security vulnerability is found in an application, even if no malicious traffic has attempted to exploit the flaw. In addition, it dynamically identifies and removes no longer used security rules to improve performance. We implement and evaluate our security proposal in the Open Platform for NFV (OPNFV). The evaluation results in our experimental scenarios show that the NFV security architecture automatically blocks 99.12% of the HTTP malicious traffic without affecting 93.6% of the benign HTTP requests. Finally, we show that the number of rules in the WAF-VSF severely affects the latency to load HTTP response headers and that the number of redirection OpenFlow rules within Open vSwitches is not enough to significantly impact the end-user experience in modern web browser applications.

show abstract

Section: Related Workmentioning

confidence: 99%

A Network Function Virtualization Architecture for Automatic and Efficient Detection and Mitigation against Web Application Malware

Mauricio

Rubinstein

2023

JISA

View full text Add to dashboard Cite

show abstract

“…It just monitors the packets, and without doing any action, the data is displayed on the screen during the sniffer mode, while in the packet logger mode, it logs the information on the hard disk. In the Intrusion Detection or Prevention mode, the network traffic is compared against the rule set; if the packet matches with any rule, it is detected as an attack and an alarm is raised [18].…”

Section: Related Workmentioning

confidence: 99%

Intrusion Detection Using Statistical Classifier Based on Packet Header Analysis

Malarkodi,

K G

et al. 2023

Preprint

View full text Add to dashboard Cite

CBSeq: A Channel-Level Behavior Sequence for Encrypted Malware Traffic Detection

Cui,

Dong,

Shen

et al. 2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

A categorical survey of state-of-the-art intrusion detection system-<i>Snort</i>

Cited by 7 publications

References 0 publications

A Network Function Virtualization Architecture for Automatic and Efficient Detection and Mitigation against Web Application Malware

A Network Function Virtualization Architecture for Automatic and Efficient Detection and Mitigation against Web Application Malware

Intrusion Detection Using Statistical Classifier Based on Packet Header Analysis

CBSeq: A Channel-Level Behavior Sequence for Encrypted Malware Traffic Detection

Contact Info

Product

Resources

About