Abstract
In this paper we examine the impact of various levels of (partial) hardware acceleration levels on a software based Network Intrusion Detection System. While complete hardware solutions are possible and have been studied extensively, they are costly and may suffer from scalability and flexibility limitations. The flexibility of software is attractive to address these concerns. We show in this paper that (unexpectedly) a modest amount of hardware acceleration such as simple header classification can achieve respectable and cost-effective system throughput. We also find that further acceleration in the form of approximate filtering offers very small incremental improvement.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aho, A., Corasick, M.: Fast pattern matching: an aid to bibliographic search. Commun. ACM 18(6), 333–340 (1975)
Antonatos, S., Anagnostakis, K.G., Markatos, E.P., Polychronakis, M.: Performance analysis of content matching intrusion detection systems. In: Proceedings of the International Symposium on Applications and the Internet (2004)
Boyer, R., Moore, J.: A fast string match algorithm. Commun. ACM 20(10), 762–772 (1977)
Cho, Y.H., Navab, S., Mangione-Smith, W.: Specialized hardware for deep network packet filtering. In: Proceedings of 12th International Conference on Field Programmable Logic and Applications (2002)
Clark, C.R., Schimmel, D.E.: Efficient reconfigurable logic circuit for matching complex network intrusion detection patterns. In: Proceedings of 13th International Conference on Field Programmable Logic and Applications (September 2003)
Dharmapurikar, S., Krishnamurthy, P., Spoull, T., Lockwood, J.: Deep Packet Inspection using Bloom Filters. In: Deep Packet Inspection using Bloom Filters, Stanford, CA (August 2003)
Horspool, R.: Practical fast searching in strings. Software - Practice & Experience 10(6), 501–506 (1980)
Lockwood, J.W.: An open platform for development of network processing modules in reconfigurable hardware. In: IEC DesignCon 2001, Santa Clara, CA, USA (January 2001)
Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of LISA 1999: 13th Administration Conference, Seattle Washington, USA, November 7 -12 (1999)
Sourdis, I., Pnevmatikatos, D.: Pre-decoded CAMs for efficient and high-speed nids pattern matching. In: IEEE Symposium on Field-Programmable Custom Computing Machines (April 2004)
Wu, S., Mander, U.: A fast algorithm for multi-pattern searching. In: Techical Report TR-94-17, University of Arisona (1994)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dimopoulos, V., Papadopoulos, G., Pnevmatikatos, D. (2005). On the Importance of Header Classification in HW/SW Network Intrusion Detection Systems. In: Bozanis, P., Houstis, E.N. (eds) Advances in Informatics. PCI 2005. Lecture Notes in Computer Science, vol 3746. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11573036_63
Download citation
DOI: https://doi.org/10.1007/11573036_63
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29673-7
Online ISBN: 978-3-540-32091-3
eBook Packages: Computer ScienceComputer Science (R0)