Stream Splitting in Support of Intrusion Detection

Abstract

One of the most significant challenges with modern intrusion detection systems is the high rate of false alarms they generate. To lower this rate, we propose reducing the amount of traffic sent to the intrusion detection system through a filtering process termed stream splitting. Each packet arriving at the system is treated as belonging to a connection, and each connection is then assigned to a network stream. A network stream can then be sent to an analysis engine tailored specifically for that type of data. To demonstrate a stream-splitting capability, both an extendable multi-threaded architecture and a prototype were developed. This system was then tested for its ability to capture traffic and was found to do so with minimal loss at network speeds up to 20 Mb/s. The stream splitter was also shown to correctly implement a traffic separation scheme.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2003
Accession Number
ADA417485

Entities

People

  • John D. Judd

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Materials and Manufacturing Processes
  • Sensors

DTIC Thesaurus Topics

  • California
  • Computer Networks
  • Computer Programs
  • Computer Science
  • Computing System Architectures
  • Detection
  • Detectors
  • False Alarms
  • Fuzzy Logic
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Models
  • Network Architecture
  • Network Protocols
  • Object-Oriented Programming Language

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Parallel and Distributed Computing
  • Radar Systems Engineering