High-Performance Stateful Intrusion Detection System

Yoon, Seung-Yong; Kim, Byoungkoo; Oh, Jihyun

doi:10.1109/iccias.2006.294201

Cited by 2 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These approaches typically compile rulesets into hardware in a way that leverages either the distributed memory resources of an FPGA or its ability to house large amounts of logic. Memory-based approaches include TCAMs [12], hash dictionaries [13], and parallel Bloom filters [4]. Logic-based approaches such as DFA or NFA [3] typically instantiate a large number of hardware state machines to compare many different patterns at the same time.…”

Section: Reconfigurable Computing Researchers Have Utilizedmentioning

confidence: 99%

A configurable-hardware document-similarity classifier to detect web attacks

Ulmer

Gokhale

2010

2010 IEEE International Symposium on Parallel &Amp; Distributed Processing, Workshops and PHD Forum (IPDPSW)

View full text Add to dashboard Cite

This paper describes our approach to adapting a text document similarity classifier based on the Term Frequency Inverse Document Frequency (TFIDF) metric [11] to reconfigurable hardware. The TFIDF classifier is used to detect web attacks in HTTP data. In our reconfigurable hardware approach, we design a streaming, real-time classifier by simplifying an existing sequential algorithm and manipulating the classifier's model to allow decision information to be represented compactly. We have developed a set of software tools to help automate the process of converting training data to synthesizable hardware and to provide a means of trading off between accuracy and resource utilization. The Xilinx Virtex 5-LX implementation requires two orders of magnitude less memory than the original algorithm. At 166MB/s (80X the software) the hardware implementation is able to achieve Gigabit network throughput at the same accuracy as the original algorithm.

show abstract

Section: Reconfigurable Computing Researchers Have Utilizedmentioning

confidence: 99%

A configurable-hardware document-similarity classifier to detect web attacks

Ulmer

Gokhale

2010

2010 IEEE International Symposium on Parallel &Amp; Distributed Processing, Workshops and PHD Forum (IPDPSW)

View full text Add to dashboard Cite

show abstract

“…Selective multi-character transitions /FPGA [37] Xilinx XC2V6000-6 14 B-FSM/(FPGA or ASIC) [45] Xilinx Virtex-4 10∼20 nnn/SRAM [3] FPGA/ASIC 1∼20 RTCAM [46] TCAM 12.35 Pre-Decoded CAM [36] Virtex 2-6000 9.7 Quad Bloom Filter/FPGA [6] Xilinx Virtex4 20.4 BITWISE CAM [50] FPGA Xilinx XC2V8000 2.5 FPGA [18] Virtex-4 10 UCLA Packet/FPGA [11] Xilinx Spartan 3-XC3S2000 3.2 NFA/(FPGA and IXP) [12] Xilinx Virtex2-6000&IXP 2400 1 GaTech Decoder Trees/FPGA [13] Virtex 2-8000 2 WashU Bloom/FPGA [5] Virtex 4-100 20.4 Hash Function [49] Xilinx Vertex-II Pro XC2VP70 2 Hash Function and CRC [30] Xilinx Vertex2 2.712 ∼ 4.560 TCAM/Network Processor [38] Network Processor IXDP28xx [22] 10 state. Manipulating multiple DTs means that multiple memory accesses are required which decrease the DPI process throughput.…”

Section: Deterministic Finite Automatamentioning

confidence: 99%

A Survey on Deep Packet Inspection for Intrusion Detection Systems

AbuHmed,

Mohaisen,

Nyang

2008

Preprint

View full text Add to dashboard Cite

Deep packet inspection is widely recognized as a powerful way which is used for intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost intrusion detection systems have the ability to search through packets and identify contents that match with known attacks. In this paper, we survey the deep packet inspection implementations techniques, research challenges and algorithms. Finally, we provide a comparison between the different applied systems.

show abstract

High-Performance Stateful Intrusion Detection System

Cited by 2 publications

References 8 publications

A configurable-hardware document-similarity classifier to detect web attacks

A configurable-hardware document-similarity classifier to detect web attacks

A Survey on Deep Packet Inspection for Intrusion Detection Systems

Contact Info

Product

Resources

About