TCP-Stream Reassembly and State Tracking in Hardware
نویسندگان
چکیده
In this paper we consider a new approach to network intrusion detection. Conventional network intrusion detection systems (NIDS) are software based. We propose to selectively implement portions of the functionality of a state-of-the-art software NIDS in reconfigurable hardware. This increases performance even under hostile loads and will enable efficient intrusion detection in future multi-gigabit networks. Specifically , we consider the problem of TCP-stream reassembly. We present a highperformance TCP stream reassembly and state tracking module targeted for incorporation into an agile reconfigurable network interface based on Xilinx Virtex technology.
منابع مشابه
A Modular System for FPGA-Based TCP Flow Processing in High-Speed Networks
Field Programmable Gate Arrays (FPGAs) can be used in Intrusion Prevention Systems (IPS) to inspect application data contained within network flows. An IPS operating on high-speed network traffic can be used to stop the propagation of Internet worms and to protect networks from Denial of Services (DoS) attacks. When used in the backbone of a core network, the device will be exposed to millions ...
متن کاملRobust TCP Stream Reassembly in the Presence of Adversaries
There is a growing interest in designing high-speed network devices to perform packet processing at semantic levels above the network layer. Some examples are layer-7 switches, content inspection and transformation systems, and network intrusion detection/prevention systems. Such systems must maintain perflow state in order to correctly perform their higher-level processing. A basic operation i...
متن کاملSRC: a multicore NPU-based TCP stream reassembly card for deep packet inspection
Stream reassembly is the premise of deep packet inspection, regarded as the core function of network intrusion detection system and network forensic system. As moving packet payload from one block of memory to another is essential for the reason of packet disorder, throughput performance is very vital in stream reassembly design. In this paper, a stream reassembly card (SRC) is designed to impr...
متن کاملMulti-Gbps HTTP Traffic Analysis in Commodity Hardware Based on Local Knowledge of TCP Streams
In this paper we propose and implement novel techniques for performance evaluation of web traffic (response time, response code, etc.), with no reassembly of the underlying TCP connection, which severely restricts the traffic analysis throughput. Furthermore, our proposed software for HTTP traffic analysis runs in standard hardware, which is very cost-effective. Besides, we present sub-TCP conn...
متن کاملFixed-point FPGA Implementation of a Kalman Filter for Range and Velocity Estimation of Moving Targets
Tracking filters are extensively used within object tracking systems in order to provide consecutive smooth estimations of position and velocity of the object with minimum error. Namely, Kalman filter and its numerous variants are widely known as simple yet effective linear tracking filters in many diverse applications. In this paper, an effective method is proposed for designing and implementa...
متن کامل