A High-Performance Network Intrusion Detection System
Goals
Approach Overview
Runtime View
Talk Organization
Types for Packets
Our Approach: Inheritance with Constraints
Disjunctive Inheritance
Type-safety for Packet Data
Event Aggregation
Pattern Language: Regular Expressions over Events
Example Packet Specifications
Intrusion Detection Evaluation
Attack Repertoire
Evaluation Results: Summary
Effectiveness on Network-Level Attacks
Performance
Factors Determining Performance
Related Work
Summary
Future Work