Accelerating snort NIDS using NetFPGA-based Bloom filter

Al-Dalky, Rami; Salah, Khaled; Otrok, Hadi; Al‐Qutayri, Mahmoud

doi:10.1109/iwcmc.2014.6906470

Cited by 10 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software DPIs (such as SNORT, Bro, and L7-filter) are detailed described in [29]. For a pattern matching algorithm used in DPI there are two categories: software (KMP [18], BM [20], AC [21] and WM [22]) and hardware (DFA [23], BF [24,25], and CAM). Pattern matching described in [26] is capable of operating at 8Gbps.…”

Section: B Payload Processing Design Of Netfpga-basedmentioning

confidence: 99%

See 1 more Smart Citation

The Development Status and Trend of NetFPGA

Cao

Zheng

Sun

2015

2015 International Conference on Network and Information Systems for Computers

View full text Add to dashboard Cite

In recent years, with the rapid development of the Internet, ever increasing traffic and link-bandwidths presented serious challenges for computer network-related research such as high-speed algorithm and development of high-performance network equipment. Of course, increasing complication in hardware, firewall filtering and Encryption technology, makes programmability getting more and more attention in switches, routers and other network devices. This paper introduces the development process of NetFPGA, makes a comprehensive summary in the study of high performance network, and describes its advantages in high-speed, parallel and real-time. We present a brief introduction to our current work simultaneously. Finally, the paper points out the NetFPGA development direction and trends in future work.

show abstract

Section: B Payload Processing Design Of Netfpga-basedmentioning

confidence: 99%

“…Simultaneously, in paper [43] gave a comparison between them. Furthermore, to prevent degrading network throughput in detecting strings in streaming data, a data structure Bloom Filter [24,25] is used in DPI. The storage needed by Bloom Filter is always dependent of string's length.…”

Section: B Payload Processing Design Of Netfpga-basedmentioning

confidence: 99%

The Development Status and Trend of NetFPGA

Cao

Zheng

Sun

2015

2015 International Conference on Network and Information Systems for Computers

View full text Add to dashboard Cite

show abstract

“…Acharya et al [17] studied and analysed the functionality of network firewalls to enhance its performance by modifying rule orders dynamically based on the incoming traffic characteristics. Similarly, for Snort IDS, ample recent research work has been reported in the literature [18][19][20][21][22] to enhance the performance of Snort IDS using hardware-assisted techniques such as FPGA, GPU and multi-core processors. The idea in most of these techniques is to offload the computation of Snort to hardware in order to obtain considerable speedup in performance.…”

Section: Related Workmentioning

confidence: 99%

Modelling and analysis of rule‐based network security middleboxes

Salah

Chaudary

2015

IET Information Security

Self Cite

View full text Add to dashboard Cite

“…Software‐based systems can only perform a limited number of operations and could not fulfill wire‐speed detection requirements. However, there are improvements in these systems, specifically the open‐source network intrusion detection system to provide fast detection .…”

Section: Introductionmentioning

confidence: 99%

Incorporating known malware signatures to classify new malware variants in network traffic

et al. 2015

View full text Add to dashboard Cite

SUMMARYContent-based malware classification technique using n-gram features required high computational overhead because of the size of feature space. This paper proposes the augmentation of domain knowledge in the form of known Snort malware signatures to machine learning techniques to reduce resources (in terms of the time to generate machine learning model and the memory usage to store generative model). Although current malware can be encrypted or mutated, these malware still exhibit prevalent contents or payloads as their predecessors. Using a dataset of traffic captured from a campus network, our approach is able to reduce initial generated million n-gram features to only around 90 000 features, which significantly reduces processing time to generate naive Bayes model by 95%. The generated model that has been trained by the most descriptive features (4-gram Snort signatures with high information gain) produces lower false negative, about 2% compared with other models. Moreover, the proposed method is capable of detecting 10 new malware variants with 0% false negative. The findings from this paper can be the basis for improving malware classification based on content classification to detect known and new malware.

show abstract

Accelerating snort NIDS using NetFPGA-based Bloom filter

Cited by 10 publications

References 21 publications

The Development Status and Trend of NetFPGA

The Development Status and Trend of NetFPGA

Modelling and analysis of rule‐based network security middleboxes

Incorporating known malware signatures to classify new malware variants in network traffic

Contact Info

Product

Resources

About