Abstract
The overall performance of an intrusion protection system depends not only on packet header classification and pattern matching, but also on the post-operative determination of correlative patterns of matched rules. An increasing number of patterns associated with a rule heightens the importance of correlative pattern matching. This work proposes a TCAM-based smart architecture that supports both deep pattern matching and correlative pattern matching. The proposed architecture overcomes the difficulties in implementing TCAM when the patterns are very deep and the rules for packet payload involve many patterns whose positions lie within a range. A real-case payload is simulated using a Snort 2.3 rule set, and the simulation results demonstrate the feasibility of the proposed architecture in supporting a high-speed and robust intrusion detection and prevention system.
Keywords
- Clock Cycle
- Intrusion Detection
- Pattern Match
- Correlative Pattern
- Bloom Filter
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This work was supported by the MOE Program for Promoting Academic Excellence of Universities (II) under grant number NSC-94-2752-E-007-002-PAE, and by an NSC project under grant number NSC-94-2213-E007-021.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wu, CC., Wen, SH., Huang, NF. (2006). Smart Architecture for High-Speed Intrusion Detection and Prevention Systems. In: Pointcheval, D., Mu, Y., Chen, K. (eds) Cryptology and Network Security. CANS 2006. Lecture Notes in Computer Science, vol 4301. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935070_22
DOI: https://doi.org/10.1007/11935070_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49462-1
Online ISBN: 978-3-540-49463-8
eBook Packages: Computer Science, Computer Science (R0)
