Abstract
The fast extension of inexpensive computer networks has increased the problem of unauthorized access and tampering with data. Many NIDSs are developed till now to respond these network attacks. As network technology presses forward, Gigabit Ethernet has become the actual standard for large network installations. Therefore, software solutions in developing high-speed NIDSs are increasingly impractical. It thus appears well motivated to investigate the hardware-based solutions. Although several solutions have been proposed recently, finding an efficient solution is considered as a difficult problem due to the limitations in resources such as a small memory size, as well as the growing link speed. In this paper, we propose the FPAG-based intrusion detection technique to detect and respond variant attacks on high-speed links. It is possible through novel pattern matching mechanism and heuristic analysis mechanism that is processed on FPGA-based reconfiguring hardware. Most of all, It was designed to fully exploit hardware parallelism to achieve real-time packet inspection, to require a small memory for storing signature. The technique is a part of our proposed system, called ATPS(Adaptive Threat Prevention System) recently developed. That is, the proposed system has hardware architecture that can be capable of provide the high-performance detection mechanism.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kim, B.-K., Kim, I.-K., Kim, K.-Y., Jang, J.-S.: Design and Implementation of High-Performance Intrusion Detection System. In: Laganà, A., Gavrilova, M., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3046, pp. 594–602. Springer, Heidelberg (2004)
Kruegel, C., Valeur, F., Vigna, G., Kemmerer, R.: Stateful intrusion detection for high-speed networks. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 266–274. IEEE Computer Society Press, Los Alamitos (2002)
ISS. RealSecure Gigabit Network Sensor (September 2002), http://www.iss.net/products_services/enterprise_protection/rsnetwork/gigabitsensor.php
Symantec. ManHunt (2002), http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=156
CISCO. CISCO Intrusion Detection System. Technical Information (November 2001)
Roesch, M.: Snort-Lightweight Intrusion Detection for Networks. In: Proceedings of the USENIX LISA 1999 Conference (November 1999)
Ranum, M.: Burglar Alarms for Detecting Intrusions, NFR Inc. (1999)
Ptacek, T., Newsham, T.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Secure Networks Inc. (1998)
Debar, H., Dacier, M., Wespi, A.: Research Report Towards a Taxonomy of Intrusion Detection Systems, Technical Report RZ 3030, IBM Research Division, Zurich Research Laboratory (June 1998)
Kumar, S., Spafford, E.: A pattern matching model for misuse intrusion detection. In: Proceedings of the 17th National Computer Security Conference, pp. 11–21 (October 1994)
Anderson, D., Frivold, T., Valdes, A.: Next-generation intrusion detection expert system(NIDES), Technical Report SRI-CLS-95-07 (May 1995)
Kumar, S.: Classification and Detection of Computer Intrusions, Phd, Purdue University (1995)
Yi, S., Kim, B.-k., Oh, J., Jang, J., Kesidis, G., Das, C.R.: Memory-Efficient Content Filtering Hardware for High-Speed Intrusion Detection Systems. In: Proceedings of the 2007 ACM Symposium on Applied Computing, Seoul, Korea, March 11-15, pp. 264–269. ACM Press, New York (2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, B., Yoon, S., Oh, J. (2007). ATPS – Adaptive Threat Prevention System for High-Performance Intrusion Detection and Response. In: Ata, S., Hong, C.S. (eds) Managing Next Generation Networks and Services. APNOMS 2007. Lecture Notes in Computer Science, vol 4773. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75476-3_35
Download citation
DOI: https://doi.org/10.1007/978-3-540-75476-3_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75475-6
Online ISBN: 978-3-540-75476-3
eBook Packages: Computer ScienceComputer Science (R0)