A method for adding multimedia knowledge for improving intrusion detection systems.

摘要

Intrusion Detection Systems (IDS) are security tools which monitor systems and networks for malicious activity. In saturated network links the amount of data present for analysis can overwhelm them, resulting in potentially undetected attacks. Many of these network links contain significant amounts of multimedia traffic which may seem to contribute to the problem, however our work suggests otherwise.; This thesis proposes a novel method to classify and analyze multimedia traffic in an effort to maximize the efficiency of IDS. By embedding multimedia-specific knowledge into IDS, trusted multimedia contents can be identified and allowed to bypass the detection engine, thereby allowing IDS to focus its limited resources on other traffic. The proposed framework also enables IDS to detect multimedia-specific exploits which would otherwise pass under the radar. Results of our experiments confirm our claims and show substantial CPU savings in both streaming and non-streaming scenarios.