A Traffic Classification Algorithm for Intrusion Detection

Abstract

We propose in this paper a new intrusion detection method for supporting high speed traffic. As in firewalls and routers, we rely on packet classification to specialize the task of several network intrusions detection systems (NIDSs). We build several traffic classes regarding the network configuration and the traffic properties. Then we consider the NIDS characteristics to select for each class the suitable intrusion detection method. Our idea offers several advantages such as load balancing, fault tolerance and attack prevention. We express our traffic classification method by means of traffic division rules. Then we adequately construct the paths of these rules to reduce the overlapping cases. We transform the rule paths in a prefix trie that we complete by failure links to finally get a directed acyclic graph (DAG). We believe that our classification method is useful for other problems such as firewalling, routing and billing.