
An Implementation of Network Intrusion Detection Engines on Network Processors  

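Cho, Hye-Young (Supercomputing Center, Korea Institute of Science and Technology Information)
Kim, Dae-Young (School of Engineering, Information and Communications University)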
Abstract
Recently, with the explosive growth of Internet applications, attacks by hackers on networks have been increasing rapidly and becoming more serious. Information security is therefore emerging as a critical factor in network system design, and much attention is being paid to the Network Intrusion Detection System (NIDS), which detects hackers' attacks on a network and handles them properly. However, the performance of current intrusion detection systems cannot keep up with the increasing speed of the Internet, because most NIDSs are implemented in software. In this paper, we propose a new high-performance network intrusion detection system using a network processor. To achieve fast packet processing and dynamic adaptation to intrusion patterns that are continuously added, the system is built on Intel's network processor, the IXP1200. Unlike traditional intrusion detection engines, which so far have been implemented in either software or hardware, we design an optimized architecture and algorithms that exploit the features of the network processor. In addition, for more efficient detection engine scheduling, we propose task allocation methods for multi-processing processors. Through implementation and performance evaluation, we show the propriety of the proposed approach.
Keywords
Intrusion Detection System; Network Processor; Snort; IXP1200