publication . Conference object . 2013

Scalable high-performance parallel design for network intrusion detection systems on many-core processors

Jiang, Haiyang; Zhang, Guangxing; Kavé, Salamatian; Xie, Gaogang; Mathy, Laurent;
Open Access English
  • Published: 21 Oct 2013
  • Publisher: HAL CCSD
  • Country: Belgium
Abstract
International audience; Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcome these challenges. Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the relentless network link speed growth and increasing complexity of threats. Both hardware accelerated and parallel software-based NIDS solutions, based on commodity multi-core and GPU processors, have been proposed to overcom...
Subjects
free text keywords: : Computer science [Engineering, computing & technology], : Sciences informatiques [Ingénierie, informatique & technologie], [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]
Related Organizations
29 references, page 1 of 2

[1] V. Paxson. Bro: A System for Detecting Network Intruders in Real-time. In Proceedings of the 7th Conference on USENIX Security Symposium, 1998

[2] Zachary K. Baker and Viktor K. Prasanna, ”High-throughput Linked-Pattern Matching for Intrusion Detection Systems”, In ANCS 2005, Oct 26-28, 2005, Princeton, New Jersey, USA

[3] V. Paxson, R. Sommer, and N. Weaver, ”An architecture for exploiting multi-core processors to parallelize network intrusion prevention” In Proceedings IEEE Sarnoff Symposium, May 2007

[4] J. Lee, S. H. Hwang, N. Park, S.-W. Lee, S. Jun, and Y. S. Kim. A High Performance NIDS Using FPGA-based Regular Expression Matching. In Proceedings of the 22nd ACM Symposium on Applied computing (SAC), 2007

[5] Mitra, W. Najjar, and L. Bhuyan. Compiling PCRE to FPGA for accelerating SNORT IDS. In Proceedings of the 3rd ACM/IEEE Symposium on Architecture for Networking and Communications Systems, ANCS, 2007

[6] M. Colajanni and M. Marchetti, ”A parallel architecture for stateful intrusion detection in high traffic networks”, IEEE IST Workshop on Monitoring, Attack Detection and Mitigation, Tuebingen, Germany, Sept. 2006 [OpenAIRE]

[7] Kim, Sunil, and Jun-yong Lee. ”A system architecture for high-speed deep packet inspection in signature-based network intrusion prevention.” Journal of Systems Architecture 53.5 (2007): 310-320.

[8] G. Vasiliadis, M. Polychronakis, and S. Ioannidis. ”MIDeA: A Multi-Parallel Intrusion Detection Architecture”, In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2011. [OpenAIRE]

[9] M. Jamshed, J. Lee, S. Moon, I. Yun, D. Kim, S. Lee, Y. Yi, and K. Park. ”Kargus: a highly-scalable software-based intrusion detection system”, In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2012 [OpenAIRE]

[10] http://vrt-blog.snort.org/

[11] J. Cabrera, J. Gosar, W. Lee, and R. Mehra, aˇrOn the statistical distribution of processing times in network intrusion detectiona´s In 43rd IEEE Conference on Decision and Control, Dec 2004, pp. 75´lC80.

[12] TILE-Gx8036 product brief http://www.tilera.com/sites/default/files/ productbriefs/TILE-Gx8036 PB033-02 web.pdf

[13] Salminen, Erno, Ari Kulmala, and Timo D. Hamalainen. ”Survey of network-on-chip proposals.” white paper, OCP-IP (2008): 1-13.

[14] www.suricata-ids.org

[15] www.openinfosecfoundation.org

29 references, page 1 of 2
Powered by OpenAIRE Open Research Graph
Any information missing or wrong?Report an Issue
publication . Conference object . 2013

Scalable high-performance parallel design for network intrusion detection systems on many-core processors

Jiang, Haiyang; Zhang, Guangxing; Kavé, Salamatian; Xie, Gaogang; Mathy, Laurent;