Title :
Pattern reduction and circuit design for hardware-supported network intrusion detection
Author :
Ramirez, Timothy ; Lo, Chia-Tien Dan
Author_Institution :
Texas Univ., San Antonio, TX, USA
Abstract :
There are many other works that attempt to speed up the NIDS Snort by improving the packet processing function. Most of the work has been focused on circuit design while attempts to reduce the rule sets have been limited. This paper shows how we are capable of reducing the number of characters in a rule set to limit device utilization requirements. Our results show we can use 51% of the amount of logic to implement the full rule set for the NIDS Snort. Our design has also been shown to perform comparably to another approach that reduces rule sets for intrusion detection. It is as area efficient as the other work and the throughput is sufficient for the goal of monitoring a high-speed network. The area utilization is still within device constraints for our development platform. Also, depending upon the network's priorities, cost or performance, more devices can be used to implement faster pattern matching.
Keywords :
logic design; network synthesis; packet switching; pattern matching; security of data; NIDS Snort; area utilization; circuit design; device constraint; device utilization requirement; hardware-supported network intrusion detection; high-speed network monitoring; packet processing; pattern matching; pattern reduction; Circuit synthesis; Computer crime; Hardware; High-speed networks; Inspection; Intrusion detection; Monitoring; Signal synthesis; Telecommunication traffic; Throughput;
Conference_Title :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495992