Real Time Intrusion Detection in High-Speed Data Streams
Small Business Information
Scientific Systems Co., Inc.
500 West Cummings Park, Suite 3000, Woburn, MA, 01801
Joao B.D. Cabrera
Abstract: "We propose to investigate a methodology for designing hybrid (network-based and host-based) Intrusion Detection Systems (IDSs) for operation at the OC-12 range and above. The scheme is centered on the application of Statistical Pattern Recognition methods for producing computationally cheap, yet effective detection rules to be programmed in dedicated co-processors. The effort addresses the challenges in the development of network-based IDSs posed by the unabated increase in network capacity, and the rise of multi-stage attacks involving host infiltration followed by network scanning and automated packet-flooding. Current schemes for coping with increasing link speed rely on packet subsampling and/or reduction of the signature set, resulting in a substantial reduction in accuracy. In contrast, our method offers a flexible alternative with no reduction of detection rate, which can also be easily reprogrammed for new attacks. The inclusion of host-based features allows the detection of multi-stage attacks. The statistical nature of the approach is compatible with IPSEC, as packet encryption preserves the features used for rule construction. Aprisma Inc. (manufacturer of SPECTRUM) will provide consulting in network management and security. Design and evaluation of algorithms will utilize an extensive data set collected by MCNC on a Gigabit Ethernet. The MCNC group will also provide consulting in advanced hardware. Prof. Wenke Lee from Georgia Tech will serv
* information listed above is at the time of submission.