Flexible software-hardware Network Intrusion Detection System

被引:3
|
作者
Proudfoot, Ryan [1 ]
Kent, Kenneth [1 ]
Aubanel, Eric [1 ]
Chen, Nan [1 ]
机构
[1] Univ New Brunswick, Fac Comp Sci, Fredericton, NB E3B 5A3, Canada
来源
RSP 2008: 19TH IEEE/IFIP INTERNATIONAL SYMPOSIUM ON RAPID SYSTEM PROTOTYPING, PROCEEDINGS | 2008年
关键词
D O I
10.1109/RSP.2008.11
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Network Intrusion Detection System (NIDS) demands have been steadily increasing over the past few years. Current solutions using software become inefficient running on high speed high volume networks and will end up dropping packets. Hardware solutions are available and result in much higher efficiency but present problems such as flexibility and cost. Our proposed system uses a modified version of Snort, a robust widely deployed open-sourced NIDS. Snort spends a significant fraction of its processing time doing pattern matching. Our proposed system runs Snort in software until it gets to the pattern matching function and then offloads that processing to the Field Programmable Gate Array (FPGA). The hardware is able to process data at up to 1.7GB/s on one Xilinx XC2VP100 FPGA. Our system is more flexible than other FPGA string matching designs in that the rules are not hard-coded. The design is scalable and allows FPGAs to be used in parallel to increase the processing speed even further.
引用
收藏
页码:182 / 188
页数:7
相关论文
共 50 条
  • [31] A Cooperative Software-hardware Approach for Wireless Body Area Network Implementation
    Chen, Meng
    Li, Zhi
    Zhang, Guanglie
    2014 IEEE 4TH ANNUAL INTERNATIONAL CONFERENCE ON CYBER TECHNOLOGY IN AUTOMATION, CONTROL, AND INTELLIGENT SYSTEMS (CYBER), 2014, : 214 - 218
  • [32] COPROCESSING EXPEDITES SOFTWARE-HARDWARE DEVELOPMENT
    ZUHL, M
    ELECTRONICS, 1982, 55 (13): : 122 - 126
  • [33] SOFTWARE-HARDWARE SYSTEM FOR STUDYING BIOPOLYMERS BY PULSED GEL-ELECTROPHORESIS
    CHEBOTAREV, VY
    INSTRUMENTS AND EXPERIMENTAL TECHNIQUES, 1992, 35 (06) : 1097 - 1103
  • [34] SOFTWARE-HARDWARE SYSTEMS GENERATIVE AND COMPOSITION PROGRAMMING: ASPECTS OF DEVELOPING SOFTWARE SYSTEM FAMILIES
    Lavrishcheva, K. M.
    CYBERNETICS AND SYSTEMS ANALYSIS, 2013, 49 (01) : 110 - 123
  • [35] Variable Length Pattern Matching for Hardware Network Intrusion Detection System
    Xue, Chun Jason
    Liu, Meilin
    Zhuge, QingFeng
    Sha, Edwin Hsing-Mean
    JOURNAL OF SIGNAL PROCESSING SYSTEMS FOR SIGNAL IMAGE AND VIDEO TECHNOLOGY, 2010, 59 (01): : 85 - 93
  • [36] Variable Length Pattern Matching for Hardware Network Intrusion Detection System
    Chun Jason Xue
    Meilin Liu
    QingFeng Zhuge
    Edwin Hsing-Mean Sha
    Journal of Signal Processing Systems, 2010, 59 : 85 - 93
  • [37] Intrusion Detection System based on Software Defined Network Firewall
    Sayeed, Mohd Abuzar
    Sayeed, Mohd Asim
    Saxena, Sharad
    2015 1ST INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2015, : 379 - 382
  • [38] Software-Hardware Complex for Accelerating System-on-Chip Design Verification
    A. P. Solodovnikov
    A. L. Pereverzev
    A. M. Silantyev
    Russian Microelectronics, 2024, 53 (7) : 722 - 727
  • [39] Comprehensive Survey on Intrusion Detection on various hardware and software
    Bontupalli, VenkataRamesh
    Taha, Tarek M.
    PROCEEDINGS OF THE 2015 IEEE NATIONAL AEROSPACE AND ELECTRONICS CONFERENCE (NAECON), 2015, : 267 - 272
  • [40] Research on Software-hardware Co-design of Reconfigurable CNC System
    Wang, Tao
    Wang, Liwen
    Liu, Qingjian
    ADVANCED RESEARCH ON INDUSTRY, INFORMATION SYSTEMS AND MATERIAL ENGINEERING, PTS 1-7, 2011, 204-210 : 458 - +
12345