Memory-efficient content filtering hardware for high-speed intrusion detection systems

Yi, Sungwon; Kim, Byoungkoo; Oh, Jihyun; Jang, Jongsoo; Kesidis, George; Das, Chita R.

doi:10.1145/1244002.1244068

Cited by 11 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The work presented by [10] proposed a hash implementation of a bottom-up tree, aiming the increase of performance and reduction of memory consumption for storing patterns of 2,770 signatures present in the Snort rule database. By using this method, it was possible to reduce the space occupied by the signatures of about 512 kB to 350 kB, which represents a saving of about 32%.…”

Section: Related Workmentioning

confidence: 99%

Evaluation of the Huffman Encoding for Memory Optimization on Hardware Network Intrusion Detection

Freire

Schnitman

Oliveira

et al. 2013

2013 III Brazilian Symposium on Computing Systems Engineering

View full text Add to dashboard Cite

The design of specialized hardware for Network Intrusion Detection has been subject of intense research over the last decade due to its considerably higher performance compared to software implementations. In this context, one of the limiting factors is the finite amount of memory resources versus the increasing number of threat patterns to be analyzed. This paper proposes an architecture based on the Huffman algorithm for encoding, storage and decoding of these patterns in order to optimize such resources. We have made tests with simulation and synthesis in FPGA of rule subsets of the Snort software, and analysis indicate a saving of up to 73 percent of the embedded memory resources of the chip.

show abstract

Section: Related Workmentioning

confidence: 99%

Evaluation of the Huffman Encoding for Memory Optimization on Hardware Network Intrusion Detection

Freire

Schnitman

Oliveira

et al. 2013

2013 III Brazilian Symposium on Computing Systems Engineering

View full text Add to dashboard Cite

show abstract

“…Compromise of protected code via rootkits [22] represents one of the most prevalent exploits. Recent work has begun exploring different hardware based approaches to security [5,6,12] with many people coming to believe that we cannot solely use software to protect software and only hardware, coupled with software, can do that job successfully [1,2,3,4,5,6,7,8,9,10,11,12,13]. Though a number of advantages to hardware over software have been suggested, we found no research discussing what precisely makes hardware a significant improvement over software and just what capabilities hardware provides that software cannot.…”

Section: Why Hardware?mentioning

confidence: 99%

“…Mott presents a number of hardware primitives that can be leveraged in [5]. The two main areas of interest for creating hardware security (and security in general) have been attempts to monitor processes running on the production system, mainly through various memory introspection techniques [1,2,3], and monitoring the incoming network traffic as it enters the system [8,9,10,11,12,13]. …”

Section: Hardware Primitivesmentioning

confidence: 99%

“…As security takes on ever increasing importance in today's connected, digital world; security solutions incorporate new, dedicated hardware at an increasing rate [1,2,3,4,5,6,7,8,9,10,11,12,13]. Though these works and many others investigate the incorporation of hardware into designs to gain different advantages, little work has been dedicated to understanding what precisely can be accomplished with hardware that cannot be accomplished solely with software solutions.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Software Cannot Protect Software: An Argument for Dedicated Hardware in Security and a Categorization of the Trustworthiness of Information

Judge¹,

Williams²,

Kim³

et al. 2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. There are many current classifications and taxonomies relating to computer security. One missing classification is the Trustworthiness of Information being received by the security system, which we define. This new classification along with Timeliness of Detection and Security level of the Security System present motivation for hardwarebased security solutions. Including hardware is not an automatic solution to the limitations of software solutions. Advantages are only gained from hardware through design that ensures at least First-hand Information, dedicated monitors, explicit hardware communication, dedicated storage, and dedicated security processors.

show abstract

“…However, TCAMs are expensive, power-hungry, and not scalable with respect to clock rate or circuit area [9], [10]. FPGA technologies have become an attractive option for implementing real-time network processing engines [11], [12], [13]. State-ofthe-art FPGA devices provide dense logic units, large amounts of on-chip memory and high-bandwidth interfaces for various external memory technologies [14].…”

Section: Introductionmentioning

confidence: 99%

A flexible and scalable high-performance OpenFlow switch on heterogeneous SoC platforms

Zhou

Jiang

Prasanna

2014

2014 IEEE 33rd International Performance Computing and Communications Conference (IPCCC)

View full text Add to dashboard Cite

Software Defined Networking (SDN) has been proposed as a flexible solution for the next generation Internet provision. OpenFlow is a pioneering protocol for SDN which enables a hardware data plane to be managed by a softwarebased controller in a standard way. In this paper, we present a hardware-software co-design approach of an OpenFlow switch using a state-of-the-art heterogeneous system-on-chip (SoC) platform. Specifically, we implement the OpenFlow switch on a Xilinx Zynq ZC706 board. The Xilinx Zynq SoC family provides a tight coupling of field programmable gate array (FPGA) fabric and ARM processor cores, making it an attractive on-chip implementation platform for SDN switches. High-performance, yet highly-programmable, data plane processing can reside in programmable logic, while complex control software can reside in ARM processor. Our proposed architecture involves a methodology that scales across: (a) a range of possible packet throughput rates and (b) a range of possible flow table sizes. Post-place-androute results show that our design targeted at Xilinx Zynq can achieve a total 88 Gbps throughput for a 1K flow table which supports dynamic and hitless updates. Correct operation has been demonstrated using a ZC706 board.

show abstract

Memory-efficient content filtering hardware for high-speed intrusion detection systems

Cited by 11 publications

References 10 publications

Evaluation of the Huffman Encoding for Memory Optimization on Hardware Network Intrusion Detection

Evaluation of the Huffman Encoding for Memory Optimization on Hardware Network Intrusion Detection

Software Cannot Protect Software: An Argument for Dedicated Hardware in Security and a Categorization of the Trustworthiness of Information

A flexible and scalable high-performance OpenFlow switch on heterogeneous SoC platforms

Contact Info

Product

Resources

About