High-Performance Intrusion Detection with the Open-Source Bro NIDS
Event Model

[Figure: a web client (1.2.3.4/4321) and a web server (5.6.7.8/80) exchange a stream of TCP packets (SYN SYN ACK ACK ACK ACK FIN FIN) carrying a request for /index.html and the reply "Status OK plus data".]

Event: connection_established(1.2.3.4/4321 -> 5.6.7.8/80)
TCP stream reassembly for originator
Event: http_request(1.2.3.4/4321 -> 5.6.7.8/80, “GET”, “/index.html”)
Guest Lecture, RWTH Aachen<br />
Thursday, December 16, 2010