A system architecture for high-speed deep packet inspection in signature-based network intrusion prevention

2007 ◽  
Vol 53 (5-6) ◽  
pp. 310-320 ◽  
Author(s):  
Sunil Kim ◽  
Jun-yong Lee
Keyword(s):  
System Architecture ◽  
High Speed ◽  
Deep Packet Inspection ◽  
Intrusion Prevention ◽  
Network Intrusion ◽  
Packet Inspection

System architecture for deep packet inspection in high-speed networks

2017 ◽  
Author(s):  
Grigory R. Khazankin ◽  
Sergey Komarov ◽  
Danila Kovalev ◽  
Artur Barsegyan ◽  
Alexander Likhachev
Keyword(s):  
System Architecture ◽  
High Speed ◽  
Deep Packet Inspection ◽  
High Speed Networks ◽  
Packet Inspection

scholarly journals THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS

2020 ◽  
Vol 3 (7) ◽  
pp. 17-30
Author(s):  
Tamara Radivilova ◽  
Lyudmyla Kirichenko ◽  
Maksym Tawalbeh ◽  
Petro Zinchenko ◽  
Vitalii Bulakh
Keyword(s):  
Load Balancing ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Intrusion Detection Systems ◽  
Deep Packet Inspection ◽  
Detection Systems ◽  
Network Intrusion ◽  
Load Imbalance ◽  
Packet Inspection

The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the funcsioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.

Network Intrusion Detection: Using MDLcompress for deep packet inspection

2008 ◽  
Author(s):  
E. Earl Eiland ◽  
Scott C. Evans ◽  
T. Stephen Markham ◽  
Bruce Barnett ◽  
Jeremy Impson ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Network Intrusion Detection ◽  
Deep Packet Inspection ◽  
Network Intrusion ◽  
Packet Inspection

scholarly journals Fast Packet Inspection for End-To-End Encryption

Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1937
Author(s):  
So-Yeon Kim ◽  
Sun-Woo Yun ◽  
Eun-Young Lee ◽  
So-Hyeon Bae ◽  
Il-Gu Lee
Keyword(s):  
Information Security ◽  
Information Transfer ◽  
High Speed ◽  
Personal Data ◽  
Security System ◽  
Frame Structure ◽  
Inspection Time ◽  
Deep Packet Inspection ◽  
End To End ◽  
Packet Inspection

With the recent development and popularization of various network technologies, communicating with people at any time, and from any location, using high-speed internet, has become easily accessible. At the same time, eavesdropping, data interception, personal data leakage, and distribution of malware during the information transfer process have become easier than ever. Recently, to respond to such threats, end-to-end encryption (E2EE) technology has been widely implemented in commercial network services as a popular information security system. However, with the use of E2EE technology, it is difficult to check whether an encrypted packet is malicious in an information security system. A number of studies have been previously conducted on deep packet inspection (DPI) through trustable information security systems. However, the E2EE is not maintained when conducting a DPI, which requires a long inspection time. Thus, in this study, a fast packet inspection (FPI) and its frame structure for quickly detecting known malware patterns while maintaining E2EE are proposed. Based on the simulation results, the proposed FPI allows for inspecting packets approximately 14.4 and 5.3 times faster, respectively, when the inspection coverage is 20% and 100%, as compared with a DPI method under a simulation environment in which the payload length is set to 640 bytes.

TCP/IP Reassembly in Network Intrusion Detection and Prevention Systems

2014 ◽  
Vol 8 (3) ◽  
pp. 63-76 ◽  
Author(s):  
Xiaojun Wang ◽  
Brendan Cronin
Keyword(s):  
Intrusion Detection ◽  
Hardware Acceleration ◽  
Network Intrusion Detection ◽  
Network Interface ◽  
Deep Packet Inspection ◽  
Regular Expressions ◽  
Attack Pattern ◽  
Network Intrusion ◽  
Packet Inspection ◽  
Intrusion Detection And Prevention

Deep Packet Inspection (DPI) in Network Intrusion Detection and Prevention Systems (NIDPS) typically involves the matching of packet payloads against attack signatures in the form of fixed strings and regular expressions. As an attack pattern may span multiple IP fragments or TCP segments, accurate DPI requires that the traffic is reassembled prior to analysis of the payload data stream. Although hardware acceleration of the TCP layer, including reassembly, is well known in the form of TCP Offload Engines for Network Interface Cards, only limited research has been conducted into reassembly architectures suited to the particular requirements of DPI systems. The challenging requirements include the tracking and fragment/segment reordering of a potentially very large number of streams in addition to dealing with subtle ambiguities in IP fragmentation and TCP segmentation using target based reassembly or traffic normalization. In this article, the authors present a combined hardware and software architecture which harnesses the resources of the latest FPGA technology to improve on existing research proposals.

Sign in / Sign up

Export Citation Format

Share Document