A High-Throughput System Architecture for Deep Packet Filtering in Network Intrusion Prevention
نویسندگان
چکیده
Pattern matching is one of critical parts of Network Intrusion Prevention Systems (NIPS). Pattern matching hardware for NIPS should find a matching pattern at wire speed. However, that alone is not good enough. First, pattern matching hardware should be able to generate sufficient pattern match information including the pattern index number and the location of the match found at wire speed. Second, it should support pattern grouping to reduce unnecessary pattern matches. Third, it should show constant worst-case performance even if the number of patterns is increased. Finally it should be able to update patterns in a few minutes or seconds without stopping its operations. We modify Shift-OR hardware accelerator and propose a system architectures to meet the above requirement. Using Xilinx FPGA simulation, we show the new system scaled well to achieve a high speed over 10Gbps and satisfies all of the above requirements.
منابع مشابه
Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit
Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...
متن کاملProgrammable Hardware for Deep Packet Filtering on a Large Signature Set
Damage caused by the recent series of application-level network attacks clearly indicate an immediate need for increased security. Most of these attacks can be more accurately detected by a technique termed Deep Packet Inspection. Deep packet inspection not only examines the packet header, but also looks through the entire payload searching for all of the user specified patterns. Payload patter...
متن کاملSRC: a multicore NPU-based TCP stream reassembly card for deep packet inspection
Stream reassembly is the premise of deep packet inspection, regarded as the core function of network intrusion detection system and network forensic system. As moving packet payload from one block of memory to another is essential for the reason of packet disorder, throughput performance is very vital in stream reassembly design. In this paper, a stream reassembly card (SRC) is designed to impr...
متن کاملReview of Literature
(2008) was presented String Matching Algorithm for Fast Deep Packet Inspection here they said on As link rates and traffic volumes of Internet are constantly growing. String matching using the Deterministic Finite automaton (DFA) will be the performance bottleneck of Deep Packet Inspection (DPI) in their paper they proposes a byte-filtered string matching algorithm, where Bloom filters are used...
متن کاملA New Intrusion Detection System to deal with Black Hole Attacks in Mobile Ad Hoc Networks
By extending wireless networks and because of their different nature, some attacks appear in these networks which did not exist in wired networks. Security is a serious challenge for actual implementation in wireless networks. Due to lack of the fixed infrastructure and also because of security holes in routing protocols in mobile ad hoc networks, these networks are not protected against attack...
متن کامل