Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching

Zouheir Trabelsi; Safaa Zeidan; Mohammad M. Masud

doi:10.1109/AINA.2016.178

Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching

Zouheir Trabelsi, Safaa Zeidan, Mohammad M. Masud

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Modern network packet processing applications such as Intrusion Detection System (IDS) perform packet filtering and deep packet inspection (DPI), also known as packet content inspection. Fundamentally, for packet filtering, these applications attempt to use the contents of some header fields of the network, transport and application layers of the packets. While for DPI, these applications use attack signature rules to search for predefined patterns in the packet application header fields or payload data. This paper discusses a hybrid mechanism based on the use of splay tree filters and pattern-matching algorithms to enhance IDS packet filtering and DPI performance, respectively. The proposed mechanism uses network traffic statistics to dynamically optimize the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packets acceptance. We demonstrate the merit of our mechanism through simulations performed on Snort's string set.

Original language	English
Title of host publication	Proceedings - IEEE 30th International Conference on Advanced Information Networking and Applications, IEEE AINA 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	808-815
Number of pages	8
Volume	2016-May
ISBN (Electronic)	9781509018574
DOIs	https://doi.org/10.1109/AINA.2016.178
Publication status	Published - May 19 2016
Event	30th IEEE International Conference on Advanced Information Networking and Applications, AINA 2016 - Crans-Montana, Switzerland Duration: Mar 23 2016 → Mar 25 2016

Other

Other	30th IEEE International Conference on Advanced Information Networking and Applications, AINA 2016
Country/Territory	Switzerland
City	Crans-Montana
Period	3/23/16 → 3/25/16

Keywords

Binary Search on Prefix Length
Deep Packet inspection
Network intrusion detection
Network traffic statistics
Packet filtering
Pattern matching
Splay Tree

ASJC Scopus subject areas

Engineering(all)

Access to Document

10.1109/AINA.2016.178

Cite this

Trabelsi, Z., Zeidan, S., & Masud, M. M. (2016). Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching. In Proceedings - IEEE 30th International Conference on Advanced Information Networking and Applications, IEEE AINA 2016 (Vol. 2016-May, pp. 808-815). [7474172] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/AINA.2016.178

Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching. / Trabelsi, Zouheir; Zeidan, Safaa; Masud, Mohammad M.
Proceedings - IEEE 30th International Conference on Advanced Information Networking and Applications, IEEE AINA 2016. Vol. 2016-May Institute of Electrical and Electronics Engineers Inc., 2016. p. 808-815 7474172.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Trabelsi, Z, Zeidan, S & Masud, MM 2016, Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching. in Proceedings - IEEE 30th International Conference on Advanced Information Networking and Applications, IEEE AINA 2016. vol. 2016-May, 7474172, Institute of Electrical and Electronics Engineers Inc., pp. 808-815, 30th IEEE International Conference on Advanced Information Networking and Applications, AINA 2016, Crans-Montana, Switzerland, 3/23/16. https://doi.org/10.1109/AINA.2016.178

Trabelsi Z, Zeidan S, Masud MM. Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching. In Proceedings - IEEE 30th International Conference on Advanced Information Networking and Applications, IEEE AINA 2016. Vol. 2016-May. Institute of Electrical and Electronics Engineers Inc. 2016. p. 808-815. 7474172 doi: 10.1109/AINA.2016.178

@inproceedings{7d0195e7eca1445994adc75672009aa9,

title = "Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching",

abstract = "Modern network packet processing applications such as Intrusion Detection System (IDS) perform packet filtering and deep packet inspection (DPI), also known as packet content inspection. Fundamentally, for packet filtering, these applications attempt to use the contents of some header fields of the network, transport and application layers of the packets. While for DPI, these applications use attack signature rules to search for predefined patterns in the packet application header fields or payload data. This paper discusses a hybrid mechanism based on the use of splay tree filters and pattern-matching algorithms to enhance IDS packet filtering and DPI performance, respectively. The proposed mechanism uses network traffic statistics to dynamically optimize the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packets acceptance. We demonstrate the merit of our mechanism through simulations performed on Snort's string set.",

keywords = "Binary Search on Prefix Length, Deep Packet inspection, Network intrusion detection, Network traffic statistics, Packet filtering, Pattern matching, Splay Tree",

author = "Zouheir Trabelsi and Safaa Zeidan and Masud, {Mohammad M.}",

year = "2016",

month = may,

day = "19",

doi = "10.1109/AINA.2016.178",

language = "English",

volume = "2016-May",

pages = "808--815",

booktitle = "Proceedings - IEEE 30th International Conference on Advanced Information Networking and Applications, IEEE AINA 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "30th IEEE International Conference on Advanced Information Networking and Applications, AINA 2016 ; Conference date: 23-03-2016 Through 25-03-2016",

}

TY - GEN

T1 - Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching

AU - Trabelsi, Zouheir

AU - Zeidan, Safaa

AU - Masud, Mohammad M.

PY - 2016/5/19

Y1 - 2016/5/19

N2 - Modern network packet processing applications such as Intrusion Detection System (IDS) perform packet filtering and deep packet inspection (DPI), also known as packet content inspection. Fundamentally, for packet filtering, these applications attempt to use the contents of some header fields of the network, transport and application layers of the packets. While for DPI, these applications use attack signature rules to search for predefined patterns in the packet application header fields or payload data. This paper discusses a hybrid mechanism based on the use of splay tree filters and pattern-matching algorithms to enhance IDS packet filtering and DPI performance, respectively. The proposed mechanism uses network traffic statistics to dynamically optimize the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packets acceptance. We demonstrate the merit of our mechanism through simulations performed on Snort's string set.

AB - Modern network packet processing applications such as Intrusion Detection System (IDS) perform packet filtering and deep packet inspection (DPI), also known as packet content inspection. Fundamentally, for packet filtering, these applications attempt to use the contents of some header fields of the network, transport and application layers of the packets. While for DPI, these applications use attack signature rules to search for predefined patterns in the packet application header fields or payload data. This paper discusses a hybrid mechanism based on the use of splay tree filters and pattern-matching algorithms to enhance IDS packet filtering and DPI performance, respectively. The proposed mechanism uses network traffic statistics to dynamically optimize the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packets acceptance. We demonstrate the merit of our mechanism through simulations performed on Snort's string set.

KW - Binary Search on Prefix Length

KW - Deep Packet inspection

KW - Network intrusion detection

KW - Network traffic statistics

KW - Packet filtering

KW - Pattern matching

KW - Splay Tree

UR - http://www.scopus.com/inward/record.url?scp=84988927209&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84988927209&partnerID=8YFLogxK

U2 - 10.1109/AINA.2016.178

DO - 10.1109/AINA.2016.178

M3 - Conference contribution

AN - SCOPUS:84988927209

VL - 2016-May

SP - 808

EP - 815

BT - Proceedings - IEEE 30th International Conference on Advanced Information Networking and Applications, IEEE AINA 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 30th IEEE International Conference on Advanced Information Networking and Applications, AINA 2016

Y2 - 23 March 2016 through 25 March 2016

ER -

Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching

Abstract

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this