2011 IEEE International Conference on Communications (ICC) 2011
DOI: 10.1109/icc.2011.5963095
|View full text |Cite
|
Sign up to set email alerts
|

An Approach for Unifying Rule Based Deep Packet Inspection

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
2

Citation Types

0
9
0

Year Published

2011
2011
2020
2020

Publication Types

Select...
3
2
1

Relationship

0
6

Authors

Journals

citations
Cited by 8 publications
(9 citation statements)
references
References 6 publications
0
9
0
Order By: Relevance
“…The rule set itself is of enterprise quality because it is commercially maintained and has numerous commercial users and contributors. However, the major limitation of the Snort rule set is that it is purpose built for the Snort IDS and so can only be used, in their original format, by systems based on the Snort IDS [5]. Also, a general issue with modern IDSs is the continuing increase in network traffic and network speeds as well as the continuous addition of new detection rules.…”
Section: Network Intrusion Detectionmentioning
confidence: 99%
See 2 more Smart Citations
“…The rule set itself is of enterprise quality because it is commercially maintained and has numerous commercial users and contributors. However, the major limitation of the Snort rule set is that it is purpose built for the Snort IDS and so can only be used, in their original format, by systems based on the Snort IDS [5]. Also, a general issue with modern IDSs is the continuing increase in network traffic and network speeds as well as the continuous addition of new detection rules.…”
Section: Network Intrusion Detectionmentioning
confidence: 99%
“…The system developed in [5] aims to create a unified DPI rule set integrating, initially, the Snort rule set but later also integrating most other DPI rule sets such as Bro, L7-filter and ClamAV as well. These new generalized rules incorporate regular expression (Regex) pattern matching for DPI since Regex is particularly useful for its high speed performance.…”
Section: Network Intrusion Detectionmentioning
confidence: 99%
See 1 more Smart Citation
“…We currently have 8500 rules from [4], which have been translated into Snort2Regex format using the Snort2Regex translator. Regex pattern matching is then executed using highspeed hardware for intrusion detection on raw packet data.…”
Section: Network Intrusion Rulesmentioning
confidence: 99%
“…Rather, we assume that given a set of such rules (called Snort2Regex rules) created using the Snort2Regex translator [4], our task is to deploy formal AI approaches for analyzing these rules and to discover any inconsistencies (the occurrence of conflicting information) among them. Such attempts for inconsistency detection have not been carried out within intrusion detection research.…”
Section: Introductionmentioning
confidence: 99%