Title :
Framework for a NetFPGA-based Snort NIDS
Author :
Al-Dalky, Rami ; Salah, Khaled ; Al-Qutayri, Mahmoud ; Otrok, Hadi
Author_Institution :
Electr. & Comput. Eng. Dept., Khalifa Univ. of Sci., Sharjah, United Arab Emirates
Abstract :
Network´s speed continues to increase at a high rate resulting in massive network traffic. This results in a need to have a high-speed network intrusion detection system (NIDS) to detect malicious traffic. Snort is a software-based NIDS that can run as a single threaded application. However, it may not be able to detect intrusions in real-time especially in networks with high traffic. This paper proposes a two layer framework where Snort will run as a second line of defense and will be executed only when deep payload analysis is needed. To accelerate the efficiency of Snort, the proposed system will dynamically offload the most frequent rules or signatures to a NetFPGA based hardware. The NetFPGA will work as a first line of defense that accelerates the detection by filtering all the traffic looking for intrusions. This will be done by analyzing the captured packet header to match the offloaded rules or signatures.
Keywords :
computer network security; field programmable gate arrays; NetFPGA based hardware; NetFPGA-based Snort NIDS; deep payload analysis; high-speed network intrusion detection system; malicious traffic detection; single threaded application; software-based NIDS; Acceleration; Engines; Hardware; Intrusion detection; Monitoring; Ports (Computers); Radiation detectors; Intrusion detection system; NetFPGA; Network Security; Snort;
Conference_Titel :
Communication Systems, Networks & Digital Signal Processing (CSNDSP), 2014 9th International Symposium on
Conference_Location :
Manchester
DOI :
10.1109/CSNDSP.2014.6923858
