An efficient hardware architecture for deep packet inspection in hybrid intrusion detection systems
作者: Mohammad Amin Taherkhani , Maghsoud Abbaspour
DOI: 10.1109/CHINACOM.2009.5339840
关键词:
摘要: Intrusion Detection Systems are known as important security components to establish a protection mechanism for computer and network related resources. By increasing speed of networks, also number incidents complexity attacks; IDSs need intelligently process the inputs with high performance precision. A key idea could be an implementation hardware modules some IDS. In this paper, efficient architecture is proposed Network based which able detect attacks anomaly behavior over application protocols. Minimum time complexity, low storage cost improved accuracy correctness features
sci-hub.se 参考文章(17)
Vern Paxson, Bro: a system for detecting network intruders in real-time Computer Networks. ,vol. 31, pp. 2435- 2463 ,(1999) , 10.1016/S1389-1286(99)00112-7
Fang Yu, R.H. Katz, T.V. Lakshman, Gigabit rate packet pattern-matching using TCAM international conference on network protocols. pp. 174- 183 ,(2004) , 10.1109/ICNP.2004.1348108
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)
Hervé Debar, Marc Dacier, Andreas Wespi, Towards a taxonomy of intrusion-detection systems Computer Networks. ,vol. 31, pp. 805- 822 ,(1999) , 10.1016/S1389-1286(98)00017-6
Robin Sommer, Vern Paxson, Enhancing byte-level network intrusion detection signatures with context computer and communications security. pp. 262- 271 ,(2003) , 10.1145/948109.948145
Fang Yu, Zhifeng Chen, Yanlei Diao, T. V. Lakshman, Randy H. Katz, Fast and memory-efficient regular expression matching for deep packet inspection Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems - ANCS '06. pp. 93- 102 ,(2006) , 10.1145/1185347.1185360
K. Pagiamtzis, A. Sheikholeslami, Content-Addressable Memory (CAM) Circuits and Architectures: A Tutorial and Survey IEEE Journal of Solid-State Circuits. ,vol. 41, pp. 712- 727 ,(2006) , 10.1109/JSSC.2005.864128
T. KATASHITA, Y. YAMAGUCHI, A. MAEDA, K. TODA, FPGA-Based Intrusion Detection System for 10 Gigabit Ethernet The IEICE transactions on information and systems. ,vol. 90, pp. 1923- 1931 ,(2007) , 10.1093/IETISY/E90-D.12.1923
Alfred V. Aho, Margaret J. Corasick, Efficient string matching: an aid to bibliographic search Communications of The ACM. ,vol. 18, pp. 333- 340 ,(1975) , 10.1145/360825.360855
Peter Linz, An Introduction to Formal Languages and Automata ,(1996)