http://dx.doi.org/10.3745/KIPSTC.2007.14-C.3.209

The Design and Implementation of High Performance Intrusion Prevention Algorithm based on Signature Hashing

Wang, Jeong-Seok (Department of Electronic Engineering, Soongsil University)
Jung, Yun-Jae (Graduate School, Department of Electronic Engineering, Soongsil University)
Kwon, H-Uing (Department of Electronic Engineering, Soongsil University)
Chung, Kyu-Sik (School of Information, Communication and Electronic Engineering, Soongsil University)
Kwak, Hu-Keun (Graduate School, Department of Electronic Engineering, Soongsil University)
Abstract
An IPS (Intrusion Prevention System), installed in inline mode in a network, protects the network from outside attacks by inspecting incoming and outgoing packets and sessions, and dropping a packet or closing a session when an attack is detected in the packet. In signature-based filtering, the payload of each packet passing through the IPS is matched against a set of attack patterns called signatures and is dropped if it matches. As the number of signatures increases, the time required for pattern matching per packet increases accordingly, so it becomes difficult to build a high-performance IPS that works without packet delay. In this paper, we propose a high-performance IPS based on signature hashing that makes the pattern matching time independent of the number of signatures. We implemented the proposed scheme as a Linux kernel module on a PC and tested it using a worm generator, a packet generator and the SmartBits network performance measurement instrument. Experimental results show that the performance of the existing method degrades as the number of signatures increases, whereas the performance of the proposed scheme does not.
Keywords
IPS; Signature based Filtering; Signature Hashing;
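The following Python sketch is an added illustration of the contrast the abstract draws; it is not code from the paper, whose hashing scheme is not given on this page. It compares the existing method (every signature tested against every packet, so work grows with the number of signatures) with a signature-hashing table that buckets each signature under a hash of its first PREFIX_LEN bytes, so each packet costs one bucket lookup per payload window plus full comparison only against the few signatures sharing that bucket. PREFIX_LEN, NUM_BUCKETS, the CRC32 bucket function and the sample signatures and packets are all assumptions constructed for the example.

```python
import zlib
from collections import defaultdict

PREFIX_LEN = 4         # bytes of each signature that get hashed (assumption)
NUM_BUCKETS = 1 << 12  # fixed table size, so a lookup does not depend on signature count

def bucket_of(prefix: bytes) -> int:
    """Hash a PREFIX_LEN-byte window into one of NUM_BUCKETS buckets (CRC32 is an assumption)."""
    return zlib.crc32(prefix) % NUM_BUCKETS

def build_table(signatures):
    """Index every signature under the hash of its first PREFIX_LEN bytes."""
    table = defaultdict(list)
    for sig in signatures:
        if len(sig) < PREFIX_LEN:
            raise ValueError("signature shorter than PREFIX_LEN: %r" % sig)
        table[bucket_of(sig[:PREFIX_LEN])].append(sig)
    return table

def naive_match(payload, signatures):
    """Existing method: test each signature in turn; cost grows with len(signatures)."""
    comparisons = 0
    for sig in signatures:
        comparisons += 1
        if sig in payload:
            return sig, comparisons
    return None, comparisons

def hashed_match(payload, table):
    """Signature-hashing method: one bucket lookup per payload window, then a full
    comparison only against the signatures that share that bucket (true hit or collision)."""
    comparisons = 0
    for off in range(len(payload) - PREFIX_LEN + 1):
        for sig in table.get(bucket_of(payload[off:off + PREFIX_LEN]), ()):
            comparisons += 1                  # verify in full; rejects hash collisions
            if payload.startswith(sig, off):
                return sig, comparisons
    return None, comparisons

# Constructed sample data (not from the paper): 300 signatures and two packets.
SIGNATURES = [b"%04d-marker" % i for i in range(300)]
TABLE = build_table(SIGNATURES)
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
MALICIOUS = b"POST /upload HTTP/1.1\r\n\r\n0042-marker payload\r\n"
```

Counting the full comparisons each method performs on BENIGN shows the naive matcher doing one per signature while the hashed matcher's count is bounded by the number of payload windows times the bucket occupancy, which stays flat as long as the table is sized for the signature set.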