Advertisement

Code Generation for Packet Header Intrusion Analysis on the IXP1200 Network Processor

  • Ioannis Charitakis
  • Dionisios Pnevmatikatos
  • Evangelos Markatos
  • Kostas Anagnostakis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2826)

Abstract

We present a software architecture that enables the use of the IXP1200 network processor in packet header analysis for network intrusion detection. The proposed work consists of a simple and efficient run-time infrastructure for managing network processor resources, along with the S2I compiler, a tool that generates efficient C code from high-level, human readable, intrusion signatures. This approach facilitates the employment of the IXP1200 in network intrusion detection systems while our experimental results demonstrate that provides performance comparable to hand-crafted code.

Keywords

Tree Structure Intrusion Detection Static Section Instruction Memory Network Intrusion Detection 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Intel IXA SDK ACE programming framework developer’s guide (June 2001), http://www.intel.com/design/network/products/npfamily/ixp1200.htm
  2. 2.
    Campbell, A., Chou, S., Kounavis, M., Stachtos, V., Vicente, J.: Netbind: A binding tool for constructing data paths in network processor-based routers. In: Proceedings of the 5th International Conference on Open Architectures and Network Programming (OPENARCH 2002) (June 2002)Google Scholar
  3. 3.
    Engler, D., Kaashoek, M.: DPF: Fast, flexible message demultiplexing using dynamic code generation. In: Proceedings of ACM SIGCOMM 1996, August 1996, pp. 53–59 (1996)Google Scholar
  4. 4.
    MRA traffic archive (September 2002), http://pma.nlanr.net/PMA/Sites/MRA.html
  5. 5.
    Roesch, M.: Snort: Lightweight intrusion detection for networks. In: Proc. of the1997 USENIX Systems Administration Conference (LISA) (November 1999), software available from http://www.snort.org/
  6. 6.
    Sobirey, M.: Intrusion detection systems, http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
  7. 7.
    Spalink, T., Karlin, S., Peterson, L.: Evaluating Network Processors in IP Forwarding. Technical report, Computer Science dep, Princeton University, November 15 (2000)Google Scholar
  8. 8.
    Spalink, T., Karlin, S., Peterson, L., Gottlieb, Y.: Building a robust softwarebasedrouter using network processors. In: Proceedings of the 18th ACM Symposiumon Operating Systems Principles, October 2001, pp. 216–229 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Ioannis Charitakis
    • 1
  • Dionisios Pnevmatikatos
    • 1
  • Evangelos Markatos
    • 1
  • Kostas Anagnostakis
    • 2
  1. 1.Institute of Computer Science (ICS)Foundation of Research and Technology – Hellas (FORTH)Heraklion, CreteGreece
  2. 2.Distributed Systems Laboratory, CIS DepartmentUniv. of PennsylvaniaPhilaUSA

Personalised recommendations