Extremely Lightweight Intrusion Detection (ELIDe)

Report No. ARL-CR-0730
Authors: Raymond J. Chang, Richard E. Harang, Garrett S. Payer
Date/Pages: December 2013; 24 pages
Abstract: The need to provide network protection and monitoring extends beyond defending conventional wired computing infrastructures to mobile ad-hoc networks. This need motivates the research and development of network defense methodologies and technologies that are applicable in a tactical environment in which resources are constrained and topologies are dynamic. The project documented by this technical report makes the contribution of prototyping a packet analysis tool named Extremely Lightweight Intrusion Detection (ELIDe) with the capability to approximate Snort-like signature matching against the inbound and outbound network traffic of a single host, while requiring less than 2% of the peak memory footprint demanded by Snort. This economy of resources makes ELIDe suitable for operation in a constrained environment, such as a tactical network that cannot support a more conventional solution like Snort.
Distribution: Approved for public release

Last Update / Reviewed: December 1, 2013