
On the Importance of Header Classification in HW/SW Network Intrusion Detection Systems

  • Conference paper
Advances in Informatics (PCI 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3746)


Abstract

In this paper we examine the impact of various levels of (partial) hardware acceleration on a software-based Network Intrusion Detection System. While complete hardware solutions are possible and have been studied extensively, they are costly and may suffer from scalability and flexibility limitations. The flexibility of software is attractive to address these concerns. We show in this paper that (unexpectedly) a modest amount of hardware acceleration such as simple header classification can achieve respectable and cost-effective system throughput. We also find that further acceleration in the form of approximate filtering offers very small incremental improvement.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dimopoulos, V., Papadopoulos, G., Pnevmatikatos, D. (2005). On the Importance of Header Classification in HW/SW Network Intrusion Detection Systems. In: Bozanis, P., Houstis, E.N. (eds) Advances in Informatics. PCI 2005. Lecture Notes in Computer Science, vol 3746. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11573036_63


  • DOI: https://doi.org/10.1007/11573036_63

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29673-7

  • Online ISBN: 978-3-540-32091-3

  • eBook Packages: Computer Science, Computer Science (R0)
