
Deep Packet Inspection for Intrusion Detection Systems: A Survey  

AbuHmed, Tamer (Inha University)
Mohaisen, Abedelaziz (Inha University)
Nyang, Dae-Hun (Inha University)
Abstract
Deep packet inspection is widely recognized as a powerful technique used by intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost all intrusion detection systems have the ability to search through packets and identify contents that match known attacks. In this paper we survey deep packet inspection implementation techniques, research challenges and algorithms. Finally, we provide a comparison between the different applied systems.
Keywords
Deep packet inspection; intrusion detection system; network security; algorithms