A High-Performance Network Monitoring Platform for Intrusion Detection

  • Conference paper
Information Networking. Convergence in Broadband and Mobile Networking (ICOIN 2005)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3391)

Abstract

This paper presents and implements a high-performance network monitoring platform (HPNMP) for high-bandwidth network intrusion detection systems (NIDS). Operating as a parallel cluster heavily reduces the traffic load on any single machine. An efficient user-level messaging mechanism is implemented, and a multi-rule packet filter is built at the user layer. Experimental results indicate that HPNMP reduces CPU utilization while improving the efficiency of data collection in NIDS, leaving far more system resources for complex data analysis in NIDS. ...

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wu, Y., Yun, XC. (2005). A High-Performance Network Monitoring Platform for Intrusion Detection. In: Kim, C. (eds) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_6

  • DOI: https://doi.org/10.1007/978-3-540-30582-8_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24467-7

  • Online ISBN: 978-3-540-30582-8

  • eBook Packages: Computer Science, Computer Science (R0)
