Name
Title | ||
|---|---|---|
Memory-efficient content filtering hardware for high-speed intrusion detection systems |
Abstract | ||
|---|---|---|
Content filtering-based Intrusion Detection Systems have been widely deployed in enterprise networks, and have become a standard measure to protect networks and network users from cyber attacks. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. In this paper, we present a novel content filtering technique called Table-driven Bottom-up Tree (TBT), which was designed i) to fully exploit hardware parallelism to achieve real-time packet inspection, ii) to require a small memory for storing signatures, iii) to be flexible in modifying the signature database, and iv) to support complex signature representation such as regular expressions. We configured TBT considering the hardware specifications and limitations, and implemented it using a FPGA. Simulation based performance evaluations showed that the proposed technique used only 350 Kilobytes of memory for storing the latest version of SNORT rule consisting of 2770 signatures. In addition, unlike many other hardware-based solutions, modification to signature database does not require hardware re-compilation in TBT. |
Year | DOI | Venue |
|---|---|---|
2007 | 10.1145/1244002.1244068 | SAC |
Keywords | Field | DocType |
memory-efficient content,content filtering-based intrusion detection,small memory size,hardware parallelism,novel content,high-speed intrusion detection system,storing signature,hardware specification,hardware re-compilation,complex signature representation,signature database,small memory,network security,real time,intrusion detection system,bottom up,intrusion detection systems,regular expression,fpga,pattern matching | Deep packet inspection,Content filtering,Regular expression,Computer science,Network security,Field-programmable gate array,Exploit,Computer hardware,Pattern matching,Intrusion detection system | Conference |
ISBN | Citations | PageRank |
1-59593-480-4 | 6 | 0.55 |
References | Authors | |
19 | 6 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Sungwon Yi | 1 | 41 | 3.52 |
| Byoung-koo Kim | 2 | 24 | 5.68 |
| Jintae Oh | 3 | 25 | 7.28 |
| Jongsoo Jang | 4 | 55 | 13.43 |
| George Kesidis | 5 | 356 | 44.92 |
| Chita R. Das | 6 | 1467 | 80.03 |