ABSTRACT
Network intrusion detection systems (NIDSs), which aim to identify various attacks, have become an essential part of current security infrastructure. In particular, signature-based NIDSs are widely deployed in industry because of their low false-alarm rate. However, the signature matching process is a major challenge for these systems, since its cost is at least linear in the size of the input. As a result, packet overload becomes a serious issue in practice: incoming traffic can exceed the maximum processing capacity of an intrusion detection system (IDS), so that packets are dropped uninspected. To mitigate this problem, packet filtration is a promising way to reduce unwanted traffic before it reaches the detection engine. Motivated by this, in this work a list-based packet filter was designed and an engineering method for combining blacklist and whitelist techniques was introduced. To further secure such filters against IP spoofing attacks, a lightweight but efficient IP verification mechanism was developed. In the evaluation, the list-based packet filter was deployed in both simulated and real network environments under honest and dishonest scenarios. Experimental results demonstrate that the developed list-based packet filter is effective in traffic filtration as well as workload reduction, and is robust against IP spoofing attacks.
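To make the architecture described in the abstract concrete, the following Python example models a list-based pre-filter sitting in front of a signature engine. It is an added illustration written for this page, not the authors' filter or their IP verification mechanism, and it makes assumptions the abstract does not state: list entries may be hosts or CIDR blocks, the blacklist is consulted before the whitelist, and the lists and packets (`BLACKLIST`, `WHITELIST`, `PACKETS`) are constructed sample data. Packets from blacklisted sources are dropped, packets from whitelisted sources bypass signature matching, and only the remainder is inspected; the final sample packet shows why a purely source-address-based whitelist is exposed to IP spoofing, which is the weakness the abstract's verification mechanism targets.

```python
"""Toy list-based pre-filter in front of a signature NIDS (added example, not the paper's code)."""
import ipaddress
from collections import Counter

# Constructed sample lists; entries may be single hosts or CIDR blocks (assumption).
BLACKLIST = ["203.0.113.0/24", "198.51.100.7", "10.9.9.9"]
WHITELIST = ["192.0.2.10", "10.0.0.0/8"]

# Constructed sample packets: (source IP, payload). Payloads are illustrative only.
PACKETS = [
    ("203.0.113.5", b"GET /index.html"),        # inside a blacklisted block
    ("198.51.100.7", b"SYN"),                    # blacklisted host
    ("192.0.2.10", b"GET /status"),              # whitelisted host
    ("10.1.2.3", b"SSH-2.0-OpenSSH"),            # inside a whitelisted block
    ("172.16.0.9", b"GET /login?user=admin"),    # unlisted: must be inspected
    ("172.16.0.10", b"POST /upload"),            # unlisted: must be inspected
    ("192.0.2.10", b"../../etc/passwd"),         # spoofed whitelisted source, hostile payload
]


def _to_networks(entries):
    """Parse host or CIDR strings into network objects; a bare host becomes a /32 or /128."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]


class ListFilter:
    DROP, BYPASS, INSPECT = "drop", "bypass", "inspect"

    def __init__(self, blacklist, whitelist):
        self.blacklist = _to_networks(blacklist)
        self.whitelist = _to_networks(whitelist)

    @staticmethod
    def _matches(networks, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in networks)

    def decide(self, src_ip):
        # Precedence is an assumption of this example: the blacklist is checked first,
        # so an address that appears on both lists (e.g. 10.9.9.9) is still dropped.
        if self._matches(self.blacklist, src_ip):
            return self.DROP
        if self._matches(self.whitelist, src_ip):
            return self.BYPASS
        return self.INSPECT


def run_filter(list_filter, packets):
    """Classify every packet and report how much work is kept away from the signature engine.

    Returns (decisions, counts, reduction) where reduction is the fraction of packets that
    were dropped or bypassed rather than handed to signature matching.
    """
    decisions = [(src, list_filter.decide(src)) for src, _payload in packets]
    counts = Counter(decision for _src, decision in decisions)
    reduction = 1 - counts[ListFilter.INSPECT] / len(packets)
    return decisions, counts, reduction


if __name__ == "__main__":
    flt = ListFilter(BLACKLIST, WHITELIST)
    decisions, counts, reduction = run_filter(flt, PACKETS)
    for src, decision in decisions:
        print(f"{src:>14}  {decision}")
    print(f"counts={dict(counts)}  workload reduction={reduction:.2%}")
    # The last packet is passed through unread because the filter trusts the source
    # address alone; this is the spoofing gap that source verification has to close.
```

The decision depends only on the source address, so a forged packet claiming a whitelisted origin bypasses inspection exactly like a genuine one; any deployment of such a filter needs the kind of source verification the abstract describes, which this example deliberately does not attempt to reproduce.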
ORCID
Weizhi Meng http://orcid.org/0000-0003-4384-5786
Wenjuan Li http://orcid.org/0000-0003-3745-5669
Additional information
Notes on contributors
Weizhi Meng
Dr Weizhi Meng is currently an Assistant Professor in the Department of Applied Mathematics and Computer Science at the Technical University of Denmark (DTU). He received his BEng degree in Computer Science from the Nanjing University of Posts and Telecommunications in China and his Ph.D. degree in Computer Science from the City University of Hong Kong (CityU). Prior to joining DTU, he worked as a Research Scientist in the Infocomm Security (ICS) Department, Institute for Infocomm Research in Singapore, and as a Senior Research Associate at CityU after graduation. He won the Outstanding Academic Performance Award during his doctoral study. He is a member of the Association for Computing Machinery (ACM) and the Institute of Electrical and Electronics Engineers (IEEE). His primary research interests are cyber security and intelligent technology in security, including intrusion detection, mobile security and authentication, human-computer interaction (HCI) security, cloud security, trust computation, web security, and malware and vulnerability analysis. He also has a strong interest in applied cryptography.
Wenjuan Li
Ms Wenjuan Li is currently a Ph.D. student in the Department of Computer Science at CityU. Prior to this, she worked as a Research Assistant at CityU and was previously a Lecturer in the Department of Computer Science, Zhaoqing Foreign Language College in China. She was a winner of the Cyber Quiz and Computer Security Competition in the Final Round of the Kaspersky Lab “Cyber Security for the Next Generation” Conference in 2014. Her research interests include network management and security, collaborative intrusion detection, spam detection, trust computing, web technology and e-commerce technology. She is also a student member of the IEEE.
Lam For Kwok
Ir Dr Lam For Kwok received his Ph.D. degree in Information Security from the Queensland University of Technology in Australia. He is currently an Associate Professor in the Department of Computer Science at CityU. His research interests include information security and management, intrusion detection systems, the application of IT in education, and web-based information systems. He was the Chairman of the IT Division of The Hong Kong Institution of Engineers (HKIE) (2011–2012) and the Chairman of the HKIE Information Discipline Advisory Panel (2013–2016). He is a Fellow of the HKIE and of the British Computer Society.