All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Accelerating IDS Using TLS Pre-Filter in FPGA

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F23%3APU149386" target="_blank" >RIV/00216305:26230/23:PU149386 - isvavai.cz</a>

  • Alternative codes found

    RIV/63839172:_____/23:10133633

  • Result on the web

    <a href="https://ieeexplore.ieee.org/document/10218049" target="_blank" >https://ieeexplore.ieee.org/document/10218049</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1109/ISCC58397.2023.10218049" target="_blank" >10.1109/ISCC58397.2023.10218049</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Accelerating IDS Using TLS Pre-Filter in FPGA

  • Original language description

    Intrusion Detection Systems (IDSes) are a widely used network security tool. However, achieving sufficient throughput is challenging as network link speeds increase to 100 or 400 Gbps. Despite the large number of papers focusing on the hardware acceleration of IDSes, the approaches are mostly limited to the acceleration of pattern matching or do not support all types of IDS rules. Therefore, we propose hardware acceleration that significantly increases the throughput of IDSes without limiting the functionality or the types of rules supported. As the IDSes cannot match signatures in encrypted network traffic, we propose a hardware TLS pre-filter that removes encrypted TLS traffic from IDS processing and doubles the average processing speed. Implemented on an acceleration card with an Intel Agilex FPGA, the pre-filter supports 100 and 400 Gbps throughput. The hardware design is optimized to achieve a high frequency and to utilize only a few hardware resources.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    20206 - Computer hardware and architecture

Result continuities

  • Project

    <a href="/en/project/VJ02010024" target="_blank" >VJ02010024: Flow-based Encrypted Traffic Analysis</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2023

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings - IEEE Symposium on Computers and Communications

  • ISBN

    979-8-3503-0048-2

  • ISSN

  • e-ISSN

  • Number of pages

    7

  • Pages from-to

    436-442

  • Publisher name

    IEEE Computer Society

  • Place of publication

    Tunis

  • Event location

    Tunis

  • Event date

    Jul 9, 2023

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

Deep Packet Inspection in FPGAs via Approximate Nondeterministic AutomataIncreasing Throughput of Intrusion Detection Systems by Hash-Based Short String Pre-FilterRegular Expression Matching with Pipelined Delayed Input DFAs for High-speed Networks