Abstract
The overall performance of an intrusion protection system depends not only on packet header classification and pattern matching, but also on the subsequent determination of correlative patterns among the matched rules. As the number of patterns associated with a rule increases, correlative pattern matching becomes more important. This work proposes a TCAM-based smart architecture that supports both deep pattern matching and correlative pattern matching. The proposed architecture overcomes the difficulties in implementing TCAM when the patterns are very deep and the rules for packet payload involve many patterns whose positions lie within a range. A real-case payload is simulated using a Snort 2.3 rule set, and the simulation results demonstrate the feasibility of the proposed architecture in supporting a high-speed and robust intrusion detection and prevention system.
This work was supported by the MOE Program for Promoting Academic Excellence of Universities (II) under grant number NSC-94-2752-E-007-002-PAE, and by an NSC project under grant number NSC-94-2213-E007-021.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wu, CC., Wen, SH., Huang, NF. (2006). Smart Architecture for High-Speed Intrusion Detection and Prevention Systems. In: Pointcheval, D., Mu, Y., Chen, K. (eds) Cryptology and Network Security. CANS 2006. Lecture Notes in Computer Science, vol 4301. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935070_22
DOI: https://doi.org/10.1007/11935070_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49462-1
Online ISBN: 978-3-540-49463-8
eBook Packages: Computer Science, Computer Science (R0)