Title :
Priority-based high-speed intelligent rule-checking
Author :
Sachidananda, Saraswathi ; Shah, Mintu ; Gopalan, Srividya ; Varadarajan, Sridhar
Author_Institution :
Satyam Comput. Services Ltd., Indian Inst. of Sci., Bangalore
Abstract :
Snort rule-checking is one of the most popular forms of network intrusion detection systems (NIDS). Recent work in string matching has focused on offloading string matching to hardware realizations in order to achieve time and space efficiencies. However, any form of implementation would have to maintain a threshold performance in order to keep with the packet data rate. While trying to maintain this threshold, control-unit is forced to either drop some packets or some rules. In this work, we present a packet priority technique that prioritizes the packets such that there is a high probability that the potentially malicious packets are detected within the threshold limit. We also present a novel intelligent string arrangement (ISA) that enables complete packet scanning in a smart and time efficient manner
Keywords :
security of data; Snort rule-checking; high-speed intelligent rule-checking; intelligent string arrangement; network intrusion detection systems; offloading string matching; packet priority technique; Computer networks; Databases; Field programmable gate arrays; Force control; Hardware; Instruction sets; Intrusion detection; Matched filters; Payloads; Scheduling; FPGA; Intrusion detection systems; Snort rules; packet processing;
Conference_Titel :
Advanced Communication Technology, 2006. ICACT 2006. The 8th International Conference
Print_ISBN :
89-5519-129-4
DOI :
10.1109/ICACT.2006.206230
