Abstract
Network intrusion detection systems often rely on matching patterns that are gleaned from known attacks. While this method is reliable and rarely produces false alarms, it has the obvious disadvantage that it cannot detect novel attacks. Accordingly, an alternative approach that can be combined with pattern matching is needed. We have designed and implemented a high-speed intrusion detection approach, based on protocol anomalies and signatures, to detect known and unknown attacks. This approach extracts a set of service fields from the application payload, where many attacks occur, and analyzes the values of those fields to verify an attack. The approach is implemented on an FPGA (Xilinx Virtex-II Pro) device to process packets at gigabit-per-second data rates.
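A software sketch of the combined approach the abstract describes, added here as an example and not the paper's FPGA design. HTTP as the service, the chosen fields, the limits and the signature patterns are all assumptions, and the sample payloads are constructed.

```python
import re

# Assumed limits and patterns for illustration; the abstract does not list its own.
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}
MAX_URI_LEN = 2048
MAX_HEADER_VALUE_LEN = 1024
SIGNATURES = {  # patterns for known attacks (constructed samples)
    "dir-traversal": re.compile(rb"\.\./"),
    "null-byte-escape": re.compile(rb"%00"),
}

def extract_fields(payload: bytes) -> dict:
    """Split an HTTP request payload into the service fields to be inspected."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    fields = {"well_formed": len(parts) == 3}
    # Pad so a malformed request line still yields all three fields.
    fields["method"], fields["uri"], fields["version"] = (parts + [b""] * 3)[:3]
    fields["headers"] = dict(
        (k.strip().lower(), v.strip())
        for k, _, v in (l.partition(b":") for l in lines[1:] if l)
    )
    return fields

def inspect(payload: bytes) -> list:
    """Return 'anomaly:*' alerts from field checks and 'signature:*' from pattern hits."""
    f = extract_fields(payload)
    ok = f["well_formed"]
    checks = [  # protocol-anomaly stage: needs no prior knowledge of the attack
        ("malformed-request-line", not ok),
        ("unknown-method", ok and f["method"] not in ALLOWED_METHODS),
        ("bad-version", ok and not re.fullmatch(rb"HTTP/1\.[01]", f["version"])),
        ("uri-too-long", len(f["uri"]) > MAX_URI_LEN),
        ("non-printable-uri", any(b < 0x21 or b > 0x7E for b in f["uri"])),
        ("header-too-long",
         any(len(v) > MAX_HEADER_VALUE_LEN for v in f["headers"].values())),
    ]
    alerts = ["anomaly:" + name for name, hit in checks if hit]
    # Signature stage: pattern matching over the extracted field only.
    alerts += ["signature:" + n for n, rx in SIGNATURES.items() if rx.search(f["uri"])]
    return alerts

# Constructed sample payloads: benign, known pattern, and a novel oversized request.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "known": b"GET /docs/../../etc/passwd HTTP/1.0\r\n\r\n",
    "novel": b"GET /" + b"A" * 4000 + b" HTTP/1.1\r\nHost: example.test\r\n\r\n",
}
```

The oversized request matches no signature and is caught only by the field-length check, which is the gap the anomaly stage is meant to cover.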
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kang, DH., Kim, BK., Oh, JT., Nam, TY., Jang, JS. (2006). FPGA Based Intrusion Detection System Against Unknown and Known Attacks. In: Shi, ZZ., Sadananda, R. (eds) Agent Computing and Multi-Agent Systems. PRIMA 2006. Lecture Notes in Computer Science(), vol 4088. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11802372_97
DOI: https://doi.org/10.1007/11802372_97
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36707-9
Online ISBN: 978-3-540-36860-1
eBook Packages: Computer Science (R0)