ETRI-Knowledge Sharing Platform

Journal Article H/W based Stateful Packet Inspection using a Novel Session Architecture
Authors
Seung Yong Yoon, Byoung Koo Kim, Jin Tae Oh, Jong Soo Jang
Issue Date
2008-11
Citation
International Journal of Computers, v.3, no.2, pp.310-319
ISSN
Unknown
Language
English
Type
Journal Article
Abstract
Stateful Packet Inspection (SPI) remembers previous packets and can thus keep track of the state of a session. SPI was originally developed for firewalls, but it now has various applications such as VPN, NIDS, traffic monitoring, and so on. In this paper we focus on the Network Intrusion Detection System (NIDS). Because a stateless IDS only looks at one packet at a time, many false positive alerts are generated during attack attempts that use IDS evasion tools, for example, “stick” or “snot”. To prevent this problem, SPI was employed in NIDS, and the statefulness of NIDS became very important. However, most existing SPI products are software-based solutions that perform poorly in the current high-speed internet environment, so in many cases the SPI module in the NIDS remains inactivated, which is against its original purpose. A stateful IDS depends mainly on the performance of session table processing and pattern matching. Pattern matching has been studied extensively, but relatively few studies have been devoted to session processing. It is difficult to manage a large amount of session state information with limited hardware resources while still achieving high performance. Therefore, our purpose is to design and implement an SPI module in an FPGA with a new session management architecture. We then prove that it can achieve efficient and fast stateful intrusion detection that supports up to 1 million sessions with high performance.
KSP Keywords
Detection Systems(IDS), False Positive(FP), Hardware Resources, High performance, High-speed internet, Network Intrusion Detection System, Packet inspection, Session management, State information, pattern matching, traffic monitoring