Elephant: Network Intrusion Detection Systems that Don't Forget
Big Island, Hawaii, January 03-January 06, 2005
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HICSS.2005.230
Proceedings of the 38th Annual Hawaii ...
Michael G. Merideth, Carnegie Mellon University, Pittsburgh, PA
Priya Narasimhan, Carnegie Mellon University, Pittsburgh, PA
Modern Network Intrusion Detection Systems (NIDSs) maintain state that helps them detect attacks accurately. Because most NIDSs are signature-based, it is critical to update their rule-sets frequently; unfortunately, doing so can require downtime during which that state is lost, leaving a window in which attacks can be misclassified. In this paper, we show that such vulnerabilities do exist and provide a way to avoid them. Using the open-source NIDS Snort, we present Elephant, an approach and implementation for updating rule-sets that causes Snort to enter a safe quiescent point, loads the new rules into memory, and removes the old rules from memory, all while preserving the state required to ensure that the NIDS does not miss attacks. We provide a critique and performance evaluation of our technique.
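The state-loss problem the abstract describes, as an added toy model that is not Snort code and not the paper's Elephant implementation: a two-stage signature whose second stage depends on flowbits-style per-flow state, with a rule-set update arriving between the two stages. A stop/start reload discards the state and misses the attack; a reload that waits for a quiescent point and swaps only the rule-set keeps it. The rule contents, SIDs, flow and packets are constructed for the example, the quiescent-point reload is a simplification of the approach the abstract outlines, and pruning flags that no rule in the new set references is our own assumption.

```python
"""Toy model of the rule-reload problem the Elephant abstract describes.

Constructed example for illustration only: this is not Snort code and not the
paper's Elephant implementation.  The detector keeps flowbits-style per-flow
state (a flag set by one rule and required by another, as Snort's flowbits do),
and the attack is split across two packets with a rule-set update in between.
"""
from dataclasses import dataclass
from threading import Lock
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """A flowbits-style signature: on a content match, set a flag or, if the
    required flag is already set on this flow, raise an alert."""
    sid: int
    content: bytes
    msg: str
    sets: Optional[str] = None    # flag to set on the flow when content matches (no alert)
    isset: Optional[str] = None   # flag that must already be set for this rule to alert


@dataclass(frozen=True)
class Packet:
    flow: tuple                   # (client endpoint, server endpoint), constructed
    payload: bytes


class ToyNIDS:
    def __init__(self, rules):
        self.rules = tuple(rules)
        self.flowbits = {}        # flow -> set of flag names: the state a restart throws away
        self.alerts = []          # (sid, msg) pairs
        self._lock = Lock()       # a packet is either fully inspected or not started

    def inspect(self, pkt):
        with self._lock:
            bits = self.flowbits.setdefault(pkt.flow, set())
            for r in self.rules:
                if r.content not in pkt.payload:
                    continue
                if r.isset is not None and r.isset not in bits:
                    continue      # second stage seen without the first: no alert
                if r.sets is not None:
                    bits.add(r.sets)
                else:
                    self.alerts.append((r.sid, r.msg))


def reload_by_restart(nids, new_rules):
    """Stop/start reload: the engine is rebuilt and all per-flow state is lost."""
    nids.rules = tuple(new_rules)
    nids.flowbits = {}


def reload_at_quiescent_point(nids, new_rules):
    """Elephant-style reload (simplified): wait until no packet is mid-inspection,
    swap the rule-set, keep the flow state.  Pruning flags that no rule in the new
    set references is our assumption, not something the abstract specifies."""
    new_rules = tuple(new_rules)
    with nids._lock:              # nothing is half-inspected while we hold this
        nids.rules = new_rules
        live = {r.sets for r in new_rules if r.sets} | {r.isset for r in new_rules if r.isset}
        for bits in nids.flowbits.values():
            bits &= live


# Constructed rule-sets: v2 adds one rule and keeps the two-stage FTP signature.
RULES_V1 = (
    Rule(1000001, b"USER ", "FTP USER seen", sets="ftp.user_seen"),
    Rule(1000002, b"PASS " + b"A" * 64, "FTP PASS overflow after USER", isset="ftp.user_seen"),
)
RULES_V2 = RULES_V1 + (Rule(1000003, b"SITE EXEC", "FTP SITE EXEC attempt"),)

# Constructed two-packet attack on one flow; the update lands between the packets.
FLOW = ("10.0.0.5:51234", "192.0.2.10:21")
ATTACK = (
    Packet(FLOW, b"USER anonymous\r\n"),
    Packet(FLOW, b"PASS " + b"A" * 200 + b"\r\n"),
)


def run(reload_strategy):
    """Return the alert messages raised when the rule-set is updated mid-attack."""
    nids = ToyNIDS(RULES_V1)
    nids.inspect(ATTACK[0])                          # stage 1 sets ftp.user_seen
    reload_strategy(nids, RULES_V2)                  # rule update between the two stages
    nids.inspect(ATTACK[1])                          # stage 2 needs ftp.user_seen
    nids.inspect(Packet(FLOW, b"SITE EXEC id\r\n"))  # new v2 rule must fire either way
    return [msg for _, msg in nids.alerts]


if __name__ == "__main__":
    print("restart:   ", run(reload_by_restart))
    print("quiescent: ", run(reload_at_quiescent_point))
```

Running it shows the restart path reporting only the newly added SITE EXEC rule, while the quiescent-point path also catches the two-stage overflow that straddled the update. A real Snort restart loses more than flowbits (TCP session tracking, stream reassembly buffers, portscan counters), so the misclassification window in practice is wider than this toy shows.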
Citation:
Michael G. Merideth, Priya Narasimhan, "Elephant: Network Intrusion Detection Systems that Don't Forget," HICSS, vol. 9, p. 309c, Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 9, 2005