Increasing Throughput of Intrusion Detection Systems by Hash-Based Short String Pre-Filter

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F20%3APU138872" target="_blank" >RIV/00216305:26230/20:PU138872 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1109/LCN48667.2020.9314812" target="_blank" >http://dx.doi.org/10.1109/LCN48667.2020.9314812</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/LCN48667.2020.9314812" target="_blank" >10.1109/LCN48667.2020.9314812</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Increasing Throughput of Intrusion Detection Systems by Hash-Based Short String Pre-Filter

Popis výsledku v původním jazyce

With an increasing speed of network links, it is also necessary to increase the throughput of network security systems. An intrusion detection system (IDS) is one of the key components in the protection of network infrastructure. Unfortunately, the IDS has to match a large set of regular expressions (REs) in network streams, which has a negative impact on its throughput. Currently, multiple parallel machines have to be used to support 100 Gbps throughput of Suricata or Bro IDS. A fast pre-filtration of network traffic can allow the IDS to achieve a higher overall throughput. Therefore, we have designed a new algorithm, which is able to select a set of short strings that represents an RE set utilized in the IDS. Such a set of strings can facilitate fast and efficient pre-filtration. Compared to previous methods, strings selected by the proposed algorithm can reduce network traffic up to 3.3 times better. Moreover, the algorithm is able to select strings representing a single RE in less than a second, thus  allowing fast updates of an IDS ruleset. As all selected strings have the same length, they can be used in a hash-based pre-filter, which is able to process more 100 Gbps of network traffic.

Název v anglickém jazyce

Increasing Throughput of Intrusion Detection Systems by Hash-Based Short String Pre-Filter

Popis výsledku anglicky

With an increasing speed of network links, it is also necessary to increase the throughput of network security systems. An intrusion detection system (IDS) is one of the key components in the protection of network infrastructure. Unfortunately, the IDS has to match a large set of regular expressions (REs) in network streams, which has a negative impact on its throughput. Currently, multiple parallel machines have to be used to support 100 Gbps throughput of Suricata or Bro IDS. A fast pre-filtration of network traffic can allow the IDS to achieve a higher overall throughput. Therefore, we have designed a new algorithm, which is able to select a set of short strings that represents an RE set utilized in the IDS. Such a set of strings can facilitate fast and efficient pre-filtration. Compared to previous methods, strings selected by the proposed algorithm can reduce network traffic up to 3.3 times better. Moreover, the algorithm is able to select strings representing a single RE in less than a second, thus  allowing fast updates of an IDS ruleset. As all selected strings have the same length, they can be used in a hash-based pre-filter, which is able to process more 100 Gbps of network traffic.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20192022143" target="_blank" >VI20192022143: Flexibilní sonda pro realizaci zákonných odposlechů</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings - Conference on Local Computer Networks, LCN

ISBN

978-1-7281-7158-6

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

509-514

Název nakladatele

Institute of Electrical and Electronics Engineers

Místo vydání

Sydney (virtual)

Místo konání akce

Sydney (virtual)

Datum konání akce

16. 11. 2020

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—