ETRI-Knowledge Sharing Platform

Details

Conference paper: Memory-Efficient Content Filtering Hardware for High-Speed Intrusion Detection System
Cited 15 times in Scopus. Downloaded 2 times.
Authors
이성원, 김병구, 오진태, 장종수, George Kesidis, Chita R. Da
Publication date
200703
Source
Symposium on Applied Computing (SAC) 2007, pp.264-269
DOI
https://dx.doi.org/10.1145/1244002.1244068
Funded project
06MK2400, Development of Real-Time Attack Signature Generation and Management Technology for Responding to Zero-Day Attacks from Network Threats, 장종수
Abstract
Content filtering-based Intrusion Detection Systems have been widely deployed in enterprise networks, and have become a standard measure to protect networks and network users from cyber attacks. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. In this paper, we present a novel content filtering technique called Table-driven Bottom-up Tree (TBT), which was designed i) to fully exploit hardware parallelism to achieve real-time packet inspection, ii) to require a small memory for storing signatures, iii) to be flexible in modifying the signature database, and iv) to support complex signature representation such as regular expressions. We configured TBT considering the hardware specifications and limitations, and implemented it using an FPGA. Simulation-based performance evaluations showed that the proposed technique used only 350 Kilobytes of memory for storing the latest version of SNORT rule consisting of 2770 signatures. In addition, unlike many other hardware-based solutions, modification to signature database does not require hardware re-compilation in TBT. Copyright 2007 ACM.
KSP suggested keywords
Content filtering, Cyber attacks, Efficient solution, Filtering technique, Hardware parallelism, High Speed, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Memory size, Packet inspection, Performance evaluation