Framework for a NetFPGA-based Snort NIDS

Author

Al-Dalky, Rami ; Salah, Khaled ; Al-Qutayri, Mahmoud ; Otrok, Hadi

Author_Institution

Electr. & Comput. Eng. Dept., Khalifa Univ. of Sci., Sharjah, United Arab Emirates

fYear

2014

fDate

23-25 July 2014

Firstpage

380

Lastpage

383

Abstract

Network´s speed continues to increase at a high rate resulting in massive network traffic. This results in a need to have a high-speed network intrusion detection system (NIDS) to detect malicious traffic. Snort is a software-based NIDS that can run as a single threaded application. However, it may not be able to detect intrusions in real-time especially in networks with high traffic. This paper proposes a two layer framework where Snort will run as a second line of defense and will be executed only when deep payload analysis is needed. To accelerate the efficiency of Snort, the proposed system will dynamically offload the most frequent rules or signatures to a NetFPGA based hardware. The NetFPGA will work as a first line of defense that accelerates the detection by filtering all the traffic looking for intrusions. This will be done by analyzing the captured packet header to match the offloaded rules or signatures.

Keywords

computer network security; field programmable gate arrays; NetFPGA based hardware; NetFPGA-based Snort NIDS; deep payload analysis; high-speed network intrusion detection system; malicious traffic detection; single threaded application; software-based NIDS; Acceleration; Engines; Hardware; Intrusion detection; Monitoring; Ports (Computers); Radiation detectors; Intrusion detection system; NetFPGA; Network Security; Snort;

fLanguage

English

Publisher

ieee

Conference_Titel

Communication Systems, Networks & Digital Signal Processing (CSNDSP), 2014 9th International Symposium on

Conference_Location

Manchester

Type

conf

DOI

10.1109/CSNDSP.2014.6923858

Filename

6923858