Sampling method for IDS in high bandwidth network
A novel sampling method, IDSampling, was developed to solve the performance unbalance problem that IDS could not scale well in G+bit/s link, which was adaptive with the consumption of the memory bottleneck. With the help of the heuristic messages, such as the entropy of the single-packet flow and the flo...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: | Editorial Department of Journal on Communications, 2009-01-01 |
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74649732/ |
| _version_ | 1850125732830773248 |
|---|---|
| author | NING Zhuo; GONG Jian; GU Wen-jie |
| author_facet | NING Zhuo; GONG Jian; GU Wen-jie |
| author_sort | NING Zhuo |
| collection | DOAJ |
| description | A novel sampling method, IDSampling, was developed to solve the performance unbalance problem that IDS could not scale well in G+bit/s link, which was adaptive with the consumption of the memory bottleneck. With the help of the heuristic messages, such as the entropy of the single-packet flow and the flow length, IDSampling applied the simple sampling strategy based on the entropy of the single-packet flow when the large-scale anomaly occurred, or another complicated one instructed by the feedback of the rear detection results by default. In both cases IDSampling tried to guarantee the equal security with detection cost as low as it could. The results of experiment show that ① IDSampling keeps IDS effective by cutting off its load significantly when it is overloaded, at the same time it can guarantee the detection accuracy of the large-scale attack; ② Comparing with the other two overwhelming sampling methods, the random packet sampling and the random flow sampling, the number of attack packets sampled by IDSampling is higher than that of the former two, the number outweighs the former two one order of magnitude especially in the large-scale anomaly case. |
| format | Article |
| id | doaj-art-329f003be6d3442a8198260e06e68b3c |
| institution | OA Journals |
| issn | 1000-436X |
| language | zho |
| publishDate | 2009-01-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| title | Sampling method for IDS in high bandwidth network |
| topic | intrusion detection; entropy of the single-packet flow; sampling; sample entropy |
| url | http://www.joconline.com.cn/zh/article/74649732/ |