BROWSE
Detail
Conference Paper
Design of SPI Module in Large-Scale Network
Cited 0 time in 
Share 
Share
- Authors
- Seung Yong Yoon, Jin Tae Oh, Jong Soo Jang
- Issue Date
- 2006-02
- Citation
- International Conference on Advanced Communication Technology (ICACT) 2006, pp.1706-1711
- Publisher
- IEEE
- Language
- English
- Type
- Conference Paper
- Abstract
- One of the major problems and limiting factor with network-based IDS(NIDS) is the high false positive alert rate. In order to reduce these false positive alerts, a lot of methods and techniques are proposed. Stateful Packet Inspection(SPI) is one of these solutions. Stateless IDSs generate tremendous false positive alerts while stick or snot attempts to attack. Most existing NIDS have SPI module which is supported statefulness but they don't satisfy high-performance in gigabit internet environment. To solve this problem, we propose hardware based SPI module that supported up to 1 million connections with 2-Step state management scheme in this Paper.
- KSP Keywords
- False positive, High performance, Large-scale network, Limiting factor, Methods and techniques, Packet inspection, State management, hardware based, management scheme, network-based IDS