E-viri
Recenzirano
-
Design and implementation of an intrusion detection system by using Extended BPF in the Linux kernelWang, Shie-Yuan; Chang, Jen-Chieh
Journal of network and computer applications, February 2022, 2022-02-00, Letnik: 198Journal Article
An intrusion detection system (IDS) checks the content of headers and payload of packets to detect intrusions from the network. It is an essential function for network security. Traditionally, an IDS, such as Snort, which is a widely used open source IDS, is implemented as a program running in the user space on a hardware server. Recently, with the availability of Extended BPF (eBPF) in the Linux kernel, efficiently checking and filtering arriving packets directly in the kernel becomes feasible. In this work, we design and implement an IDS that has two parts working together. The first part runs in the Linux kernel. Its uses eBPF to perform fast patterns matching to pre-drop a very large portion of packets that have no chance to match any rule. The second part runs in the user space. It examines the packets left by the first part to find the rules that match them. Using a modified version of the registered ruleset of Snort, experimental results show that the maximum throughput of our IDS system can outperform that of Snort by a factor of 3 under many tested conditions.
![loading ... loading ...](themes/default/img/ajax-loading.gif)
Vnos na polico
Trajna povezava
- URL:
Faktor vpliva
Dostop do baze podatkov JCR je dovoljen samo uporabnikom iz Slovenije. Vaš trenutni IP-naslov ni na seznamu dovoljenih za dostop, zato je potrebna avtentikacija z ustreznim računom AAI.
Leto | Faktor vpliva | Izdaja | Kategorija | Razvrstitev | ||||
---|---|---|---|---|---|---|---|---|
JCR | SNIP | JCR | SNIP | JCR | SNIP | JCR | SNIP |
Baze podatkov, v katerih je revija indeksirana
Ime baze podatkov | Področje | Leto |
---|
Povezave do osebnih bibliografij avtorjev | Povezave do podatkov o raziskovalcih v sistemu SICRIS |
---|
Vir: Osebne bibliografije
in: SICRIS
To gradivo vam je dostopno v celotnem besedilu. Če kljub temu želite naročiti gradivo, kliknite gumb Nadaljuj.