Abstract
Security is a major issue in today’s communication networks. Designing Network Intrusion Detection systems (NIDS) calls for high performance circuits in order to keep up with the rising data rates. Offloading software processing to hardware realizations is not an economically viable solution and hence hardware-software based hybrid solutions for the NIDS scenario are discussed in literature. By deploying processing on both hardware and software cores simultaneously by using a novel Intelligent Rule Parsing algorithm, we aim to minimize the number of packets whose waiting time is greater than a predefined threshold. This fairness criterion implicitly ensures in obtaining a higher throughput as depicted by our results.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Snort The Open Source Network Intrusion Detection System, http://www.snort.org
Fisk, M., Varghese, G.: An analysis of fast string matching applied to content-based forwarding and intrusion detection. In: Techical Report CS2001-0670 (updated version), University of California, San Diego (2002)
Sidhu, R., Prasanna, V.K.: Fast regular expression matching using FPGAs. In: IEEE Symposium on Field-Programmable Custom Computing Machines, CA, USA (April 2001)
Singaraju, J., Bu, L., Chandy, J.A.: A Signature Match Processor Architecture for Network Intrusion Detection. In: FCCM 2005 (2005)
Hung, W.N.N., Song, X.: BDD Variable Ordering By Scatter Search. In: Proceedings of the International Conference on Computer Design: VLSI in Computers and Processors, ICCD 2001 (2001)
Aho, A., Corasick, M.: Efficient string matching: An aid to bibliographic search. Communications of the ACM 18(6), 333–343 (1975)
Boyer, R.S., Moore, J.S.: A fast string searching algorithm. Communications of the ACM 20(10), 762–772 (1977)
Knuth, D., Morris, J., Pratt, V.: Fast pattern matching in strings. SIAM Journal on Computing 6(2), 323–350 (1977)
Virtex-II Pro and Virtex-II Pro X Platform FPGAs,.:Complete Data Sheet (v4.3) (2005)
Xilinx ISE 7.0 In-Depth Tutorial, version (2005)
Attig, M., Dharmapurikar, S., Lockwood, J.: Implementation Results of Bloom Filters for String Matching. In: Proceedings of FCCM 2004 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sachidananda, S., Gopalan, S., Varadarajan, S. (2005). Hardware-Software Hybrid Packet Processing for Intrusion Detection Systems. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_35
Download citation
DOI: https://doi.org/10.1007/11596981_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer ScienceComputer Science (R0)