Abstract
Intrusion detection for IP networks has been a research theme for a number of years already. One of the challenges is to keep up with ever-increasing Internet usage and network link speeds, as more and more data has to be scanned for intrusions. Another challenge is that new threats can spread rapidly, so it is hardly feasible to adapt the scanning configuration to them manually in a timely fashion. This paper is the result of the first three months of a PhD research project in high-speed, self-learning network intrusion detection systems. Here, we give an overview of the state of the art in this field, highlighting at the same time the major open issues.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sperotto, A., van de Meent, R. (2007). A Survey of the High-Speed Self-learning Intrusion Detection Research Area. In: Bandara, A.K., Burgess, M. (eds) Inter-Domain Management. AIMS 2007. Lecture Notes in Computer Science, vol 4543. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72986-0_24
DOI: https://doi.org/10.1007/978-3-540-72986-0_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72985-3
Online ISBN: 978-3-540-72986-0
eBook Packages: Computer Science (R0)