Re: use of bloom filters in commercial iDS/IPS architectures

[Martin Roesch <roesch () sourcefire com>]

I met a group from Washington University that was doing this exact  
thing last year.  Check their paper out:

http://www.arl.wustl.edu/~todd/hoti.pdf

I liked their approach, seemed pretty cool (and they used Snort as  
their test bed).

     -Marty

On Apr 12, 2006, at 12:02 AM, Raj Malhotra wrote:

> Hi,
>
> I would like to know if any of the commercial IDS/IPS vendors are
> using hash based techniques such as bloom filters/rabin finger prints
> for  fast path filtering.
>
> If so, i would appreciate if links to white papers or any other online
> information can be shared with me.
>
> thanks
> -Ral
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
> ids_040708
> to learn more.
> ---------------------------------------------------------------------- 
> --

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------