Fast data rates and complicated protocols have outpaced network intrusion detection systems. Administrators are forced to choose between breadth and depth: systems either deeply analyze traffic for a small handful of vulnerabilities, or search for many in parallel using more primitive (and easily evadable) techniques. We present a new parser architecture called VESPA, which uses the concept of vulnerability signatures to offer both speed and accuracy. VESPA is informed by a study of network protocols, which precedes the design. We conclude by reviewing several trends in computer architecture, and their impact on future intrusion detection systems. We believe a system which offers both speed and accuracy is possible, but requires rethinking how network intrusion detectors are designed, in light of trends in computer architecture.
High Performance Network Intrusion Detection: A New Paradigm is Needed