Skip to main content
SpringerLink
Log in

Network Processor Based Network Intrusion Detection System

  • Conference paper
Information Networking. Networking Technologies for Broadband and Mobile Networks (ICOIN 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3090))

Included in the following conference series:

  • 317 Accesses

Abstract

To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added, a new high performance network intrusion detection system using Intel’s network processor, IXP1200, is proposed. Unlike traditional intrusion detection engines, which has been implemented by either software or hardware so far, we propose an optimized architecture and algorithms, exploiting the features of network processor. Through implementation and performance evaluation, we show the proprieties of the proposed approach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Sidhu, R., Prasanna, V.K.: Fast Regular Expression Matching using FPGAs. In: IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM 2001) (2001)

    Google Scholar 

  2. Hutchings, B.L., Franklin, R., Carver, D.: Assisting Network Intrusion Detection with Reconfigurable Hardware. In: IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM 2002) (2002)

    Google Scholar 

  3. Cho, Y.H., Navab, S., Mangione-Smith, W.H.: Specialized Hardware for Deep Network Packet Filtering. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, pp. 452–461. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  4. Mukherjee, B., Heberlein, L.T., Levitt, K.N.: Network Intrusion Detection. IEEE Network 8(3), 26–41 (1994)

    Article  Google Scholar 

  5. Snort homepage, available at http://www.snort.org

  6. Roesch, M., Green, C.: Snort User Manual, Verson 1.8.6/2.0.0 (2002/2003)

    Google Scholar 

  7. Desai, N.: Increasing Performance in High Speed NIDS, A look at Snort’s Internals (2002)

    Google Scholar 

  8. Intel corporation, Intel IXP1200/2400 Network Processor Family Hardware Reference Manual (2001/2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information and Communications University, 103-6, Munji-dong, Yuseong-gu, Daejeon, 305-714, Korea

    Hyeyoung Cho, Daeyoung Kim, Juhong Kim & Yoonmee Doh

  2. Electronics and Telecommunications Research Institute, 161, Gajung-dong, Yuseong-gu, Daejeon, 305-350, Korea

    Jongsoo Jang

Authors
  1. Hyeyoung Cho
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daeyoung Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Juhong Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yoonmee Doh
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jongsoo Jang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Electronics Information Engineering, Korea University, Seoul, Korea

    Hyun-Kook Kahng

  2. Waseda University, 3-4-1 Ohkubo, Shinjuku, 169-8555, Tokyo, Japan

    Shigeki Goto

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cho, H., Kim, D., Kim, J., Doh, Y., Jang, J. (2004). Network Processor Based Network Intrusion Detection System. In: Kahng, HK., Goto, S. (eds) Information Networking. Networking Technologies for Broadband and Mobile Networks. ICOIN 2004. Lecture Notes in Computer Science, vol 3090. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25978-7_98

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-25978-7_98

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23034-2

  • Online ISBN: 978-3-540-25978-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation