Network Monitoring For Security:
Intrusion Detection Systems
Nowadays, computer systems have become more vulnerable to intrusions than ever. Intrusion Detection is a security technology that allows not only the detection of attacks, but also attempts to provide notification of new attacks unforeseen by other components. Intrusion detection is an important component of a security system, and it complements other security technologies. IDS requires full packet inspection in order to identify attack attempts.
Our research targets the performance analysis and design of improved intrusion detection components. Our recent focus has been on the design of efficient string matching algorithms and the development of a performance analysis methodology, using Snort IDS.
- M. Polychronakis, K. G. Anagnostakis, E. P. Markatos, Arne Øslebø. Design of an Application Programming Interface for IP Network Monitoring. Proceedings of the 9th IEEE/IFIP Network Operations and Management Symposium (NOMS2004), 19-23 April 2004, Seoul, Korea. (pdf | compressed postscript)
- S. Antonatos, K. G. Anagnostakis, E. P. Markatos. Generating Realistic Workloads for Network Intrusion Detection Systems. Proceedings of the Fourth International Workshop on Software and Performance (WOSP2004), January 2004. (pdf | compressed postscript)
- S. Antonatos, K. G. Anagnostakis, E. P. Markatos, M. Polychronakis. Performance Analysis of Content Matching Intrusion Detection Systems. Proceedings of the International Symposium on Applications and the Internet (SAINT2004), January 2004. (pdf | compressed postscript)
- Jan Coppens, Steven Van den Berghe, Herbert Bos, Evangelos P. Markatos, Filip De Turck, Arne Oslebo, and Sven Ubik. SCAMPI: A Scalable and Programmable Architecture for Monitoring Gigabit Networks. Proceedings of the Workshop on End-to-End Monitoring Techniques and Services (E2EMON), September 2003. (pdf)
- Ioannis Sourdis and Dionisios Pnevmatikatos. Fast, Large-Scale String Match for a 10Gbps FPGA-based Network Intrusion Detection System. Proceedings of the 13th International Conference on Field Programmable Logic and Applications (FPL2003), September 1-3, 2003, Lisbon - Portugal. (pdf)
- I.Charitakis, K.Anagnostakis,E.Markatos An Active Traffic Splitter Architecture for Intrusion Detection. Proceedings of the IEEE/ACM International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, October 2003, Orlando Florida (to appear). (pdf)
- I.Charitakis, K.Anagnostakis,E.Markatos An Active Traffic Splitter Architecture for Intrusion Detection. Technical Report 323, FORTH-ICS, July 2003. (pdf)
- K. G. Anagnostakis, E. P. Markatos, S. Antonatos, and M. Polychronakis. E2xB: A domainspecific string matching algorithm for intrusion detection. Proceedings of the 18th IFIP International Information Security Conference (SEC2003), May 2003. (pdf | compressed postscript)
- E.P Markatos, S. Antonatos, M. Polychronakis and K.G Anagnostakis. ExB: Exclusion-based signature matching for intrusion detection. Proceedings of the IASTED International Conference on Communications and Computer Networks (CCN), pp. 146-152, Cambridge, USA, November 2002 (pdf | compressed postscript).
- E2xB algorithm implementation for Snort 2.0
- Rule randomiser is a utility that takes as an input a snort ruleset file and its output is the rules read with their content field value replaced with random one.
- Rule permutator is a utility that replaces the content field value of a snort ruleset with a random permutation.
- Tcpdump randomiser is a utility that reads a tcpdump trace and replaces the packet payload with random one.
Intrusion Detection Systems
- S.Wu and U.Manber.
A fast algorithm for multi-pattern searching.
- An Analysis of Fast String Matching Applied to Content-Based Forwarding and Intrusion Detection. M. Fisk and G. Varghese.
- Boyer, R. S. and Moore, J. S., "A Fast String Searching Algorithm", Comm. ACM 20, 10, pp. 761-772, 1977.
- "Efficient String Matching: An Aid to Bibliographic Search". A. V. Aho and M. J. Corasick.
- Towards Faster String Matching for Intrusion Detection. C.J. Joit, S. Staniford and J. McAlerney.
This work is funded in part by the IST project SCAMPI (IST-2001-32404) funded by the European Union.