Using Hash Table to Extract Real-Time Online Network Traffic Features for Hardware IDS

摘要

This work introduces an efficient algorithm for extracting set of features from raw network traffic. Network traffic is captured directly from a Network Interface Card (NIC). The proposed algorithm is used to build an efficient real-time Network Based Intrusion Detection/Prevention Systems (NBIDPS). NBIDPS rely on network traffic as their primary data source, so there is a great need for a reliable, fast algorithm to extract required features for hardware intrusion detection system from available network traffic. It minimizes search time for extracting statistical features from connection records stored in connection queues to memory references. NBIDPS need to implement this algorithm in a high bit rate network such as a gigabit network, ten gigabit or higher.