BIBLIOS

Tipo
Artigos em Conferência

Tipo de Documento
Resumo Extendido

Título
Speeding Up Network Intrusion Detection

Participantes na publicação
João Romeiras Amado (Author)
INSTITUTO SUPERIOR TÉCNICO
Salvatore Signorello (Author)
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA
Dep. Informática
Miguel Correia (Author)
INSTITUTO SUPERIOR TÉCNICO
Fernando M. V. Ramos (Author)
INSTITUTO SUPERIOR TÉCNICO

Resumo
Modern network data planes have enabled new measurement approaches, including efficient sketch-based techniques with provable trade-offs between memory and accuracy, directly in the data plane, at line rate. We thus ask the question: can one leverage this richer measurement plane to improve network intrusion detection? Our answer is SPID, a push-based, feature-rich network monitoring approach to assist learning-based attack detection. SPID switches run a diverse set of measurement primitives and proactively push measurements to the monitoring system when relevant changes occur. Network measurements are then fed as input features to a classifier based on unsupervised learning to detect ongoing attacks, as they occur. In consequence, SPID aims to reduce attack detection time, when comparing to existing solutions present in large scale networks.


Evento
2020 IEEE 28th International Conference on Network Protocols (ICNP)

Identificadores da Publicação
ISSN - 9781728169927

Editora
IEEE


Identificadores do Documento
DOI - https://doi.org/10.1109/ICNP49622.2020.9259349

Keywords
NIDS programmable data planes sketches