The original Snort intrusion detection system was based on inspection of single data packets; however, because of the mass of network information, more and more attack packets use data-splitting techniques to evade Snort's detection. Herein, the author introduces data mining technology into the key detection part of this system and presents a "second detection module", as well as a detection method based on data mining technology, so as to provide a sound theoretical foundation for future research.
Messages are composed of packets, and in each time slot the switch can deliver a single packet from one of the input queues to the output channel.
The proposed architecture is on-demand, and only a single packet is required to trace back the attack.
We introduce a new packet marking technique and agent design that enables us to identify the approximate source of attack (nearest router) with a single packet even in the case of attacks with spoofed source addresses.
One of the key techniques is photonic label processing of a label stack attached to a single packet or flow.
Applications use the write system call on a BPF to send a single packet through the respective interface.