Analysis of TLS Prefiltering for IDS Acceleration
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F23%3A10133625" target="_blank" >RIV/63839172:_____/23:10133625 - isvavai.cz</a>
Alternative codes found
RIV/00216305:26230/23:PU149812
Result on the web
<a href="https://link.springer.com/book/10.1007/978-3-031-28486-1" target="_blank" >https://link.springer.com/book/10.1007/978-3-031-28486-1</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/978-3-031-28486-1_5" target="_blank" >10.1007/978-3-031-28486-1_5</a>
Alternative languages
Result language
English
Original language name
Analysis of TLS Prefiltering for IDS Acceleration
Original language description
Network intrusion detection systems (IDS) and intrusion prevention systems (IPS) have proven to play a key role in securing networks. However, due to their computational complexity, the deployment is difficult and expensive. Therefore, many times the IDS is not powerful enough to handle all network traffic on high-speed network links without uncontrolled packet drop. High-speed packet processing can be achieved using many CPU cores or an appropriate acceleration. But the acceleration has to preserve the detection quality and has to be flexible to handle ever-emerging security threats. One of the common acceleration methods among intrusion detection/prevention systems is the bypass of encrypted packets of the Transport Layer Security (TLS) protocol. This is based on the fact that IDS/IPS cannot match signatures in the packet encrypted payload. The paper provides an analysis and comparison of available TLS bypass solutions and proposes a high-speed encrypted TLS Prefilter for further acceleration. We are able to demonstrate that using our technique, the IDS performance has tripled and at the same time detection results have resulted in a lower rate of false positives. It is designed as a software-only architecture with support for commodity cards. However, the architecture allows smooth transfer of the proposed method to the HW-based solution in Field-programmable gate array (FPGA) network interface cards (NICs).
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/LM2018140" target="_blank" >LM2018140: e-Infrastructure CZ</a>
Continuities
P - Research and development project financed from public funds (with a link to CEP)
Others
Publication year
2023
Confidentiality
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific for result type
Article name in the collection
Lecture Notes in Computer Science
ISBN
978-3-031-28485-4
ISSN
0302-9743
e-ISSN
1611-3349
Number of pages
25
Pages from-to
85-109
Publisher name
SPRINGER INTERNATIONAL PUBLISHING AG
Place of publication
Cham, Switzerland
Event location
Virtual
Event date
Mar 21, 2023
Type of event by nationality
WRD - Worldwide event
UT code for WoS article
001004071500005