Design of SPI module in large-scale network

Abstract

One of the major problems and limiting factor with network-based IDS(NIDS) is the high false positive alert rate. In order to reduce these false positive alerts, a lot of methods and techniques are proposed. Stateful packet inspection (SPI) is one of these solutions. Stateless IDSs generate tremendous false positive alerts while stick or snot attempts to attack. Most existing NIDS have SPI modules which supports statefulness but they don't satisfy high-performance in gigabit Internet environment. To solve this problem, we propose a hardware based SPI module that supports up to 1 million connections with 2-step state management scheme in this paper