Abstract
With the growth of the Internet, much valuable information is stored on networked computers or transmitted over the network, so system and network security matters more than ever. An intrusion detection system (IDS) monitors network and/or system activity for malicious or unwanted behavior. An intrusion prevention system (IPS) offers stronger protection: when an attack is detected, the IPS can drop the offending packets while still allowing all other traffic to pass. Now that backbone network speeds have reached the Gbit scale, intrusion detection and prevention are harder than before, and the price of the related products on the market is above two million new Taiwan dollars. In this paper, we design and implement an in-kernel intrusion prevention system for Gigabit networks using commodity hardware and the Linux operating system. Preliminary experimental results show that our system substantially outperforms a traditional intrusion prevention system (snort inline) and can reach wire speed under a typical set of detection rules.
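As an added illustration (not the paper's code), the core decision an in-kernel IPS hook has to make for every packet: parse the IPv4/TCP headers, compare the payload against a small content rule set, and return a drop-or-accept verdict so that only offending packets are blocked and everything else flows through. It is written as portable user-space C so it runs stand-alone; the rule set, patterns and helper names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Verdicts mirror the NF_ACCEPT / NF_DROP results an in-kernel netfilter hook returns. */
enum verdict { VERDICT_ACCEPT = 0, VERDICT_DROP = 1 };
/* One content rule: drop TCP segments carrying `pattern` towards `dst_port` (0 = any port).
 * The rule set below is constructed for this example, not taken from the paper. */
struct rule { uint16_t dst_port; const char *pattern; };
static const struct rule RULES[] = { { 80, "/etc/passwd" }, { 0, "EVIL_MARKER" } };
static int contains(const uint8_t *hay, size_t hlen, const char *needle)
{
    size_t nlen = strlen(needle);   /* portable byte-wise substring search over the payload */
    for (size_t i = 0; nlen && i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return 1;
    return 0;
}
/* Decide one IPv4 packet's fate (no link-layer header). Non-TCP, truncated and malformed
 * packets pass untouched here; fragment reassembly is out of scope for this example. */
enum verdict inspect_packet(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return VERDICT_ACCEPT;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return VERDICT_ACCEPT;
    const uint8_t *tcp = pkt + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;
    if (thl < 20 || len < ihl + thl) return VERDICT_ACCEPT;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (RULES[i].dst_port && RULES[i].dst_port != dport) continue;
        if (contains(tcp + thl, len - ihl - thl, RULES[i].pattern)) return VERDICT_DROP;
    }
    return VERDICT_ACCEPT;   /* everything else is forwarded unchanged */
}

/* Build a constructed IPv4/TCP segment (no options) to `dport` carrying `payload` and
 * run it through inspect_packet; returns the verdict, or -1 if the payload is too long. */
int verdict_for(uint16_t dport, const char *payload)
{
    uint8_t buf[256];
    size_t plen = strlen(payload);
    if (40 + plen > sizeof buf) return -1;
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[8] = 64; buf[9] = 6;                     /* IPv4, IHL 5, TTL 64, TCP */
    buf[2] = (uint8_t)((40 + plen) >> 8); buf[3] = (uint8_t)(40 + plen);
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport; /* TCP destination port */
    buf[32] = 0x50;                                             /* TCP data offset 5 words */
    memcpy(buf + 40, payload, plen);
    return (int)inspect_packet(buf, 40 + plen);
}
```

In a real in-kernel deployment the same verdict function would be called from a netfilter hook on the skb data, and the naive substring scan would be replaced by a multi-pattern matcher to hold wire speed.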
© 2013 Springer-Verlag Berlin Heidelberg
Feng, LC., Huang, CW., Wang, JK. (2013). Design and Implementation of a Linux Kernel Based Intrusion Prevention System in Gigabit Network Using Commodity Hardware. In: Pan, JS., Yang, CN., Lin, CC. (eds) Advances in Intelligent Systems and Applications - Volume 2. Smart Innovation, Systems and Technologies, vol 21. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35473-1_11
DOI: https://doi.org/10.1007/978-3-642-35473-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35472-4
Online ISBN: 978-3-642-35473-1