Towards effective and robust list-based packet filter for signature-based network intrusion detection: An engineering approach

Weizhi MENG, Wenjuan LI, Lam For KWOK

Research output: Contribution to journal › Article › peer-review

5 Citations (Scopus)

Abstract

Network intrusion detection systems (NIDSs), which aim to identify various attacks, have become an essential part of current security infrastructure. In particular, signature-based NIDSs are widely implemented in industry due to their low rate of false alarms. However, the signature matching process is a big challenge for these systems, as its cost is at least linear in the size of an input string. As a result, overhead packets become a major issue in practical usage when the incoming packets exceed the maximum capability of an intrusion detection system (IDS). To mitigate this problem, packet filtration is a promising solution to reduce unwanted traffic. Motivated by this, in this work, a list-based packet filter was designed and an engineering method of combining both blacklist and whitelist techniques was introduced. To further secure such filters against IP spoofing attacks, a lightweight but efficient IP verification mechanism was developed. In the evaluation, a list-based packet filter was deployed in both simulated and real network environments under honest and dishonest scenarios. Experimental results demonstrate that the developed list-based packet filter is effective in traffic filtration as well as workload reduction, and is robust against IP spoofing attacks. Copyright © 2017 The Hong Kong Institution of Engineers.

Original language: English
Pages (from-to): 204-215
Journal: HKIE Transactions
Volume: 24
Issue number: 4
DOI: https://doi.org/10.1080/1023697X.2017.1375437
Publication status: Published - Oct 2017

Citation

Meng, W., Li, W., & Kwok, L. F. (2017). Towards effective and robust list-based packet filter for signature-based network intrusion detection: An engineering approach. HKIE Transactions, 24(4), 204-215. https://doi.org/10.1080/1023697X.2017.1375437

Keywords

  • Intrusion detection system
  • Network packet filter
  • List generation
  • Network security and performance
  • IP verification
