Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system

1389-1286/$ see front matter Published by Elsevi doi:10.1016/j.comnet.2010.12.007 ⇑ Corresponding author. E-mail addresses: [email protected] (N. Weng) Vespa), [email protected] (B. Soewito). An intrusion detection system (IDS) is a promising technique for detecting and thwarting attacks on computer systems and networks. In the context of ever-changing threats, new attacks are constantly created, and new rules for identifying them are dramatically increasing. To adapt to these new rules, IDSs must be easily reconfigurable, they must keep up with line rates of network traffic, and they must have high detection accuracy. In this paper, we propose a high-performance memory-based IDS that can be easily reconfigured for new rules. Our IDS achieves high performance and memory efficiency by utilizing deep packet pre-filtering and novel finite state encoding. We present simulation and experimental results that show the novelty and feasibility of our system. Published by Elsevier B.V.