Performance Analysis of Content Matching Intrusion Detection Systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by S. Antonatos Articles by K. G. Anagnostakis Articles by E. P. Markatos Articles by M. Polychronakis

2004 Symposium on Applications and the Internet (SAINT'04)

Tokyo, Japan

January 26-January 30

ISBN: 0-7695-2068-5

	ASCII Text	x
	S. Antonatos, K. G. Anagnostakis, E. P. Markatos, M. Polychronakis, "Performance Analysis of Content Matching Intrusion Detection Systems," Applications and the Internet, IEEE/IPSJ International Symposium on, pp. 208, 2004 Symposium on Applications and the Internet (SAINT'04), 2004.

	BibTex	x
	@article{ 10.1109/SAINT.2004.1266118, author = {S. Antonatos and K. G. Anagnostakis and E. P. Markatos and M. Polychronakis}, title = {Performance Analysis of Content Matching Intrusion Detection Systems}, journal ={Applications and the Internet, IEEE/IPSJ International Symposium on}, volume = {0}, year = {2004}, isbn = {0-7695-2068-5}, pages = {208}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT.2004.1266118}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Applications and the Internet, IEEE/IPSJ International Symposium on TI - Performance Analysis of Content Matching Intrusion Detection Systems SN - 0-7695-2068-5 SP EP A1 - S. Antonatos, A1 - K. G. Anagnostakis, A1 - E. P. Markatos, A1 - M. Polychronakis, PY - 2004 KW - security KW - intrusion detection KW - workload characterization and generation VL - 0 JA - Applications and the Internet, IEEE/IPSJ International Symposium on ER -

S. Antonatos, Foundation for Research & Technology — Hellas

K. G. Anagnostakis, University of Pennsylvania

E. P. Markatos, Foundation for Research & Technology — Hellas

M. Polychronakis, Foundation for Research & Technology — Hellas

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SAINT.2004.1266118

Although Network Intrusion Detection Systems (nIDS) are widely used, there is limited understanding of how these systems perform in different settings and how they should be evaluated. This paper examines how nIDS performance is affected by traffic characteristics, rulesets, string matching algorithms and processor architecture. The analysis presented in this paper shows that nIDS performance is very sensitive to these factors. Evaluating a nIDS therefore requires careful consideration of a fairly extensive set of scenarios. Our results also highlight potential dangers with the use of workloads based on combining widely-available packet header traces with synthetic packet content as well as with the use of synthetic rulesets.

Index Terms:

security, intrusion detection, workload characterization and generation

Citation:

S. Antonatos, K. G. Anagnostakis, E. P. Markatos, M. Polychronakis, "Performance Analysis of Content Matching Intrusion Detection Systems," saint, pp.208, 2004 Symposium on Applications and the Internet (SAINT'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.