DocumentCode
3093595
Title
Improving a network security system by recongurable hardware
Author
Li, Sinan ; Torresen, Jim ; Sorasen, Oddvar
Author_Institution
Department of Informatics, University of Oslo, N-03 16 Oslo, Norway
fYear
2004
fDate
8-9 Nov. 2004
Firstpage
135
Lastpage
138
Abstract
Improving network security systems by using recon gurable hardware is an important research eld since the speed of the Internet is increasing. In this work, we have implemented stateful TCP inspection in a Field Programmable Gate Array (EPGA) to help alleviating a bottleneck in network intrusion detection systems (NIDSs). Today´s software based NIDSs (eg. Snort) show inef ciency and even fail to perform for the faster Internet. Implementing stateful TCP inspection in EPGA aims at achieving an ef cient, fast NIDS in general, - Snort speci cally. By dividing a TCP connection into two ows, one to the Sewer and another to the Client, monitoring of the TCP ow can be sped up. A TCP ow deals not only with a single packet but also with multiple packets over the network. Reassembly of those packets is one of the main tusks that the TCP ow monitoring should accomplish. By parallelizing the tasks of reassembling TCP packets on the Sewer and the Client on an EPGA, the performance of stateful TCP inspection can be greatly improved. The performance obtained by this work is a throughput of 2.75 Gbps.
Keywords
Communication system security; Field programmable gate arrays; Hardware; IP networks; Informatics; Inspection; Internet; Intrusion detection; Monitoring; Protocols;
fLanguage
English
Publisher
ieee
Conference_Titel
Norchip Conference, 2004. Proceedings
Conference_Location
Oslo, Norway
Print_ISBN
0-7803-8510-1
Type
conf
DOI
10.1109/NORCHP.2004.1423841
Filename
1423841
Link To Document