Sampling method for IDS in high bandwidth network
Main Authors: | , , |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2009-01-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/74649732/ |
Summary: | A novel sampling method, IDSampling, which adapts to the consumption of the memory bottleneck, was developed to solve the performance imbalance problem that IDS cannot scale well on G+bit/s links. With the help of heuristic messages, such as the entropy of the single-packet flow and the flow length, IDSampling applies a simple sampling strategy based on the entropy of the single-packet flow when a large-scale anomaly occurs, and by default applies a more complicated strategy guided by feedback from the downstream detection results. In both cases IDSampling tries to guarantee equal security at as low a detection cost as it can. The experimental results show that ① IDSampling keeps the IDS effective by cutting its load significantly when it is overloaded, while still guaranteeing the detection accuracy for large-scale attacks; ② compared with the other two predominant sampling methods, random packet sampling and random flow sampling, the number of attack packets sampled by IDSampling is higher than that of either, exceeding them by one order of magnitude, especially in the large-scale anomaly case. |
---|---|
ISSN: | 1000-436X |