General IDS Acceleration for High-Speed Networks

Result code in IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F18%3A10133054" target="_blank" >RIV/63839172:_____/18:10133054 - isvavai.cz</a>

Alternative codes found

RIV/00216305:26230/18:PU130778

Result on the web

<a href="https://www.liberouter.org/wp-content/uploads/2018/10/IDS-SDM-paper.pdf" target="_blank" >https://www.liberouter.org/wp-content/uploads/2018/10/IDS-SDM-paper.pdf</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ICCD.2018.00062" target="_blank" >10.1109/ICCD.2018.00062</a>

Result language

angličtina

Original language name

General IDS Acceleration for High-Speed Networks

Original language description

Network Intrusion Detection Systems have gained popularity as one of the key technologies to secure communication infrastructures. However, their high computational complexity poses performance challenges for practical deployment in modern high-speed networks. To achieve the highest quality of detection, IDS should process as much relevant data as it can without becoming the bottleneck of a network connection. At the same time, IDS implementation should be flexible enough to accommodate detection methods of ever emerging new security threats. This paper aims at an acceleration of IDS by means of informed packet discarding, effectively focusing the available resources of overloaded IDS to the most relevant parts of analyzed traffic. Unlike previous works, the proposed scheme does not move the IDS nor any specific portion of it into the hardware accelerator. Rather it uses smart software based or hardware accelerated offload (bypass) of the traffic parts that are not likely to represent a security threat. The flexible nature of software-based IDS is therefore fully maintained, while the quality of threat detection remains sufficiently high even when processing high-speed traffic. We show that controlled (informed) discarding of well-defined portions of input traffic yields better detection rates, compared to the default uncontrolled (blind) buffer overflow discarding in high throughput scenarios. Our results show that it is entirely possible to run an IDS on a high-speed network link using single CPU with an FPGA accelerated packet pre-filtering.

Czech name

—

Czech description

—

Type

D - Article in proceedings

CEP classification

—

OECD FORD branch

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Project

Result was created during the realization of more than one project. More information in the Projects tab.

Continuities

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Publication year

2018

Confidentiality

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Article name in the collection

2018 IEEE 36th International Conference on Computer Design (ICCD)

ISBN

978-1-5386-8477-1

ISSN

1063-6404

e-ISSN

neuvedeno

Number of pages

8

Pages from-to

366-373

Publisher name

IEEE

Place of publication

Orlando, FL, USA

Event location

Orlando, FL, USA

Event date

Oct 7, 2018

Type of event by nationality

WRD - Celosvětová akce

UT code for WoS article

000458293200051