A CONTENT-ADDRESSABLE-MEMORY ASSISTED INTRUSION PREVENTION EXPERT SYSTEM FOR GIGABIT NETWORKS

Author: Ying Yu

DOI:

Keywords: Computer science, Network packet, Gigabit, Wire speed, Intrusion detection system, Expert system, Embedded system, Content-addressable memory, Flooding (computer networking), Problem domain

Abstract: Cyber intrusions have become a serious problem with growing frequency and complexity. Current Intrusion Detection/Prevention Systems (IDS/IPS) are deficient in speed and/or accuracy. Expert systems are one functionally effective IDS/IPS method. However, they are generally computationally intensive and too slow for real-time requirements. This poor performance prohibits the application of expert systems to gigabit networks. This dissertation describes a novel intrusion prevention system architecture that utilizes the parallel search capability of Content Addressable Memory (CAM) to perform detection at gigabit/second wire speed. A CAM is a memory that compares all its entries against the input data in parallel, which is much faster than the serial operation of Random Access Memory (RAM). The major contribution of this thesis is to accelerate the bottleneck "match" process of expert systems using the power of CAM, thereby enabling gigabit network applications. To map an expert system's Match process into CAM, this research introduces the "Contextual Rule" (C-Rule) method, which fundamentally changes the computational structure of expert systems without changing their functionality in the problem domain. It combines rules with current states into a new type of dynamic rule that exists only under specific state conditions. This converts the conventional two-database match into a one-database process. Therefore it enables the core match process to be mapped into CAM to take advantage of its parallelism. This thesis also describes the CAM-Assisted Intrusion Prevention Expert System (CAIPES) and shows how it can support the vast majority of the 1999 Lincoln Lab DARPA Intrusion Detection Evaluation set and of the open source IDS "Snort". The supported system is able to detect single-packet attacks, abusive traffic, packet flooding, and sequence-of-packets attacks. Prototyping and simulation have been performed to demonstrate detection of these four types of attacks. Hardware prototyping with existing CAM devices shows that CAIPES can operate as a gigabit/s IDS/IPS.
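The abstract's central idea, folding the current state into the rule key so that a single CAM lookup replaces the conventional rules-plus-working-memory match, is easier to see in code. The following is an added illustration written for this page, not code from the dissertation or from CAIPES; the packet fields, the signature labels (`PROBE`, `BAD_DNS`, `SYN`) and the rule set are all constructed, and the `CAM` class simulates a ternary CAM's parallel compare with a priority encoder (lowest-index hit wins) rather than modelling any real device.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Wildcard ("don't care") field, the software analogue of a ternary CAM mask bit.
ANY = None


@dataclass(frozen=True)
class Packet:
    src: str      # source address, used to keep per-source context
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    sig: str      # constructed payload-signature label (not a real Snort rule)


@dataclass(frozen=True)
class CRule:
    """A Contextual Rule: the required state is part of the search key.

    A conventional expert system matches each rule against a separate working
    memory (two databases). Here the state is folded into the rule itself, so
    the whole condition is one fixed-width key that a CAM can compare in parallel.
    """
    state: Optional[str]       # required per-source state, or ANY
    proto: Optional[str]
    dport: Optional[int]
    sig: Optional[str]
    alert: Optional[str]       # alert name to raise, or None for a silent state change
    next_state: Optional[str]  # new per-source state, or None to leave it unchanged

    def key(self) -> Tuple:
        return (self.state, self.proto, self.dport, self.sig)


class CAM:
    """Simulated content-addressable memory holding C-Rules."""

    def __init__(self, rules: List[CRule]):
        self.entries = list(rules)

    def search(self, key: Tuple) -> Optional[CRule]:
        # Hardware compares every entry against the key at once; the priority
        # encoder then reports the lowest-index hit. One pass over the entries
        # reproduces that result in software.
        for entry in self.entries:
            if all(f is ANY or f == k for f, k in zip(entry.key(), key)):
                return entry
        return None


class ContextualEngine:
    """One CAM lookup per packet: (current state, packet fields) -> rule."""

    def __init__(self, rules: List[CRule]):
        self.cam = CAM(rules)
        self.state = {}  # per-source state; the only working memory left

    def process(self, pkt: Packet) -> Optional[str]:
        key = (self.state.get(pkt.src, "IDLE"), pkt.proto, pkt.dport, pkt.sig)
        rule = self.cam.search(key)
        if rule is None:
            return None
        if rule.next_state is not None:
            self.state[pkt.src] = rule.next_state
        return rule.alert


# Constructed rule set covering three of the abstract's attack classes.
RULES = [
    # Sequence-of-packets attack: a probe must precede the second packet.
    CRule("IDLE",   "tcp", 21, "PROBE",       None,                  "PROBED"),
    CRule("PROBED", "tcp", 21, "EXPLOIT_SIG", "ftp-sequence-attack", "IDLE"),
    # Single-packet attack: matches regardless of state.
    CRule(ANY,      "udp", 53, "BAD_DNS",     "dns-single-packet",   None),
    # Flooding: the state acts as a small counter; three SYNs raise an alert.
    CRule("IDLE",   "tcp", 80, "SYN",         None,                  "SYN1"),
    CRule("SYN1",   "tcp", 80, "SYN",         None,                  "SYN2"),
    CRule("SYN2",   "tcp", 80, "SYN",         "syn-flood",           "IDLE"),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "tcp", 21, "PROBE"),
    Packet("10.0.0.5", "tcp", 21, "EXPLOIT_SIG"),  # alert: prior probe from same source
    Packet("10.0.0.9", "tcp", 21, "EXPLOIT_SIG"),  # no alert: no context for this source
    Packet("10.0.0.9", "udp", 53, "BAD_DNS"),      # alert: stateless rule
    Packet("10.0.0.7", "tcp", 80, "SYN"),
    Packet("10.0.0.7", "tcp", 80, "SYN"),
    Packet("10.0.0.7", "tcp", 80, "SYN"),          # alert: third SYN
]


def run(packets: List[Packet], rules: List[CRule] = RULES) -> List[Optional[str]]:
    """Return the alert (or None) produced for each packet in order."""
    engine = ContextualEngine(rules)
    return [engine.process(p) for p in packets]


if __name__ == "__main__":
    for pkt, alert in zip(SAMPLE_PACKETS, run(SAMPLE_PACKETS)):
        print(f"{pkt.src:10} {pkt.proto}/{pkt.dport:<3} {pkt.sig:12} -> {alert}")
```

The point to notice is that the engine never iterates over rules and working memory separately: the per-source state is simply another field of the lookup key, so the same `EXPLOIT_SIG` packet matches for `10.0.0.5` (state `PROBED`) and misses for `10.0.0.9` (state `IDLE`). Rule order matters in the simulated CAM exactly as entry position matters for a hardware priority encoder, so more specific contextual entries should sit at lower indices than wildcard ones.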
