A Framework For Performance Evaluation Of ASIPS In Network-Based IDS
作者: Majid Nezakatolhoseini
关键词:
摘要: Nowadays efficient usage of high-tech security tools and appliances is considered as an important criterion for improvement computer networks. Based on this assumption, Intrusion Detection Prevention Systems (IDPS) have key role applying the defense in depth strategy. In situation, by increasing network bandwidth addition to number threats, Network-based IDPSes been faced with performance challenge processing huge traffic A general solution bottleneck exploitation hardware architectures IDPS. paper a framework analysis evaluation application specific instruction set processors presented attack detection Networkbased Systems(NIDS). By running V850, OR1K, MIPS32, ARM7TDMI PowerPC32 microprocessors, their has evaluated analyzed. For improvement, compiler optimization levels are employed at end; base O2 level new combination flags presented. The experiments show that results 18.10% improvements pattern matching microprocessors.
core.ac.uk
arxiv.org
sci-hub.st 参考文章(22)
Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis, Giorgos Vasiliadis, Spiros Antonatos, Gnort: High Performance Network Intrusion Detection Using Graphics Processors recent advances in intrusion detection. pp. 116- 134 ,(2008) , 10.1007/978-3-540-87403-4_7
Fang Yu, R.H. Katz, T.V. Lakshman, Gigabit rate packet pattern-matching using TCAM international conference on network protocols. pp. 174- 183 ,(2004) , 10.1109/ICNP.2004.1348108
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)
Long Bu, J.A. Chandy, FPGA based network intrusion detection using content addressable memories field-programmable custom computing machines. pp. 316- 317 ,(2004) , 10.1109/FCCM.2004.35
J. Jiang, X. Wang, K. He, B. Liu, Parallel Architecture for High Throughput DFA-Based Deep Packet Inspection 2010 IEEE International Conference on Communications. pp. 1- 5 ,(2010) , 10.1109/ICC.2010.5501748
K. Pagiamtzis, A. Sheikholeslami, Content-Addressable Memory (CAM) Circuits and Architectures: A Tutorial and Survey IEEE Journal of Solid-State Circuits. ,vol. 41, pp. 712- 727 ,(2006) , 10.1109/JSSC.2005.864128
Mohammad Amin Taherkhani, Maghsoud Abbaspour, An efficient hardware architecture for deep packet inspection in hybrid intrusion detection systems international conference on communications. pp. 1- 6 ,(2009) , 10.1109/CHINACOM.2009.5339840
T. KATASHITA, Y. YAMAGUCHI, A. MAEDA, K. TODA, FPGA-Based Intrusion Detection System for 10 Gigabit Ethernet The IEICE transactions on information and systems. ,vol. 90, pp. 1923- 1931 ,(2007) , 10.1093/IETISY/E90-D.12.1923
Niccolo' Cascarano, Pierluigi Rolando, Fulvio Risso, Riccardo Sisto, iNFAnt: NFA pattern matching on GPGPU devices acm special interest group on data communication. ,vol. 40, pp. 20- 26 ,(2010) , 10.1145/1880153.1880157
Sailesh Kumar, Sarang Dharmapurikar, Fang Yu, Patrick Crowley, Jonathan Turner, Algorithms to accelerate multiple regular expressions matching for deep packet inspection acm special interest group on data communication. ,vol. 36, pp. 339- 350 ,(2006) , 10.1145/1151659.1159952