Pattern reduction and circuit design for hardware-supported network intrusion detection

T. Ramirez, C. Lo
Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop, published 2005-06-15. DOI: 10.1109/IAW.2005.1495992 (https://doi.org/10.1109/IAW.2005.1495992)
Citations: 0

Abstract

There are many other works that attempt to speed up the NIDS Snort by improving the packet processing function. Most of the work has been focused on circuit design while attempts to reduce the rule sets have been limited. This paper shows how we are capable of reducing the amount of characters in a rule set to limit device utilization requirements. Our results show we can use 51% of the amount of logic to implement the full rule set for the NIDS Snort. Our design has also been shown to perform in a comparable manner as that of another approach that reduces rule sets for intrusion detection. It is as area efficient as the other work and the throughput is sufficient for the goal of monitoring a high-speed network. The area utilization is still within device constraints for our development platform. Also, depending upon the network's priorities, cost or performance, more devices can be used to implement faster pattern matching.