Yueming Hu

DOI: https://doi.org/10.1007/1-4020-4933-1_10

2006-01-01

Abstract:One of the challenges on Internet intrusion detection (ID) is detecting the intrusion on high-speed networks. To cope with the intrusion on gigabit Ethernet or higher network links, the ID devices must utilize high-speed hardware, parallel structure and efficient algorithms. This paper presents a parallel approach of ID scheme based on network processor, the embedded processor for network devices. In this approach, packets from the network flow through multiple network processors. Within the network processor, multiple network processing engines are used to process the network data in parallel, each network processor/processing engine detect the packet flow for a subset of intrusion signature. The ID scheme is a MISD parallel mode. Data flow from the network is a single packet flow, and the detection device is a multiprocessor structure with different programs.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

W Yang,BX Fang,B Liu,HL Zhang

DOI: https://doi.org/10.1016/j.comcom.2004.03.001

IF: 5.047

2004-01-01

Computer Communications

Abstract:The increasing network throughput challenges the current Network Intrusion Detection Systems (NIDS) to have compatible high-performance data processing. In this paper, we describe an in-depth research on the related techniques of high-performance network intrusion detection and an implementation of a Rule-based High-performance Network Intrusion Detection System (RHPNIDS) for high-speed networks. By integrating several performance optimizing methods, the performance of RHPNIDS is very impressive compared with the popular open source NIDS Snort.

Haiguang Lai,Shengwen Cai,Hao Huang,Junyuan Xie,Hui Li

DOI: https://doi.org/10.1007/978-3-540-24852-1_32

2004-01-01

Abstract:The process speed of network-based intrusion detection systems (NIDSs) is still low compared with the speed of networks. As a result, few NIDS is applicable in a high-speed network. A parallel NIDS for high-speed networks is presented in this paper. By dividing the overall traffic into small slices, several sensors can analyze the traffic concurrently and significantly increase the process speed. For most attacks, our partition algorithm ensures that a single slice contains all the evidence necessary to detect a specific attack, making sensor-to-sensor interaction unnecessary, Meanwhile, by making use of the character of the network traffic, the algorithm can also dynamically balance all sensors' loads. To keep the system as simple as possible, a specific sensor is used to detect the scan and the DoS attack. Although only one sensor is used for this kind of attacks, we argue that our system can still provide high process ability....

Xianghong Hu,Hongmin Huang,Xueming Li,Xin Zheng,Qinyuan Ren,Jingyu He,Xiaoming Xiong

DOI: https://doi.org/10.1145/3530818

2022-01-01

ACM Transactions on Embedded Computing Systems

Abstract:Deep convolutional neural networks (DNNs) have been widely used in many applications, particularly in machine vision. It is challenging to accelerate DNNs on embedded systems because real-world machine vision applications should reserve a lot of external memory bandwidth for other tasks, such as video capture and display, while leaving little bandwidth for accelerating DNNs. In order to solve this issue, in this study, we propose a high-throughput accelerator, called reconfigurable tiny neural network accelerator (ReTiNNA), for the bandwidth-limited system and present a real-time object detection system for the high-resolution video image. We first present a dedicated computation engine that takes different data mapping methods for various filter types to improve data reuse and reduce hardware resources. We then propose an adaptive layer-wise tiling strategy that tiles the feature maps into strips to reduce the control complexity of data transmission dramatically and to improve the efficiency of data transmission. Finally, a design space exploration (DSE) approach is presented to explore design space more accurately in the case of insufficient bandwidth to improve the performance of the low-bandwidth accelerator. With a low bandwidth of 2.23 GB/s and a low hardware consumption of 90.261K LUTs and 448 DSPs, ReTiNNA can still achieve a high performance of 155.86 GOPS on VGG16 and 68.20 GOPS on ResNet50, which is better than other state-of-the-art designs implemented on FPGA devices. Furthermore, the real-time object detection system can achieve a high object detection speed of 19 fps for high-resolution video.

Wei Wei

2007-01-01

Abstract:Network Intrusion Detection System (NIDS) is an important and practical tool for network security. To guarantee a precise detection the NIDS must detect packets at a wire speed. However, with the recent trend of high-speed networks, the capability of a single NIDS can not meet the speed’s demand, resulting in rising of false negatives. To promote the NIDS performance and efficiency, present studies on IDSs for high-speed network monitoring have begun to choose the distributed architecture as an alterative, first suggested by Christopher Kruegel et al . In such a design, the incoming network traffic is disseminated to a pool of sensors, which process a fraction of the whole traffic, reducing the possibility of packet loss caused by overload.

蔡志平,刘书昊,王晗,曹介南,徐明

DOI: https://doi.org/10.3778/j.issn.1673-9418.1212017

2013-01-01

Abstract:The performance of single setup based network intrusion detection system (NIDS) is used to be improved by using custom hardware or modifying detection algorithms, but it wouldn’t meet the requirement for link speed up to 10 Gb/s. Parallel detection using multi detection sensors is the import way to implement the high performance intrusion detection. The parallel detection system can coordinately use multiple detection sensors to detect intrusions in parallel, which characterizes it with high performance and scalability. This paper summarizes the challenges of keeping the proof used for detecting attacks and balancing the load among sensors, and discusses various solutions to the challenges. This paper also considers the advantages of existing parallel detection technologies, proposes a uniformed parallel detection architecture (UPDA) that supports parallel detection with multi detection sensors. Based on NetMagic platform and UPDA, this paper designs and implements a parallel intrusion detection prototype system, and evaluates its performance in the network environment.

Gaolong Ma,Wen Tang

DOI: https://doi.org/10.4028/www.scientific.net/amm.263-266.2915

2012-01-01

Applied Mechanics and Materials

Abstract:With the great increasing of high-speed networks,the traditional network intrusion detection system(NIDS) has a serious problem with handling heavy traffic loads in real-time,which may result in packets loss and error detection. In this paper we will introduce the efficient load balancing scheme into NIDS and improve rule sets of the detection engine so as to make NIDS more suitable to high-speed networks environment.

Wei Lin,XiaoFei Wang,YaXuan Qi,Derek Pao,Bin Liu

DOI: https://doi.org/10.1109/INFCOMW.2009.5072152

2009-01-01

Abstract:In this paper, two-stage NIDS architecture is proposed, which aims to both increase the throughput and reduce memory cost. The contributions of this work are listed below.

Wenbin Yao,Cong Wang,Jianyi Liu,Yan Fang Si,Yixian Yang

2009-01-01

Abstract:Parallel approach is an important way to improve the performance of networked based intrusion detection system. A parallel architecture of intrusion detection system based on the ideas of combining twice data-flow partition with real-time load balancing feedback is presented. The components of data-flow partition and its optimized algorithm are designed and implemented. The experiment shows that the architecture may have higher speed and lower packet loss in high-speed network circumstance. Thus, it may raise the speed of data transmission and improve the efficiency of parallel intrusion detection.

王文奇,郑秋生,吴婷,李伟华

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.14.070

2008-01-01

Abstract:At present intrusion detection system(IDS) in high-speed network is a main point in security domain.The main problem and various restricted factors IDS faced in high-speed network is analyzed,and involved researches such as zero-copy technique and fast pattern matching model is introduced too.Finally,the distributed intrusion detection system based data-distribution is figured out as a good measure,and some remaining problems and emerging trends in this area is presented.

Chengkun Wu,Jianping Yin,Zhiping Cai,En Zhu,Jieren Cheng

DOI: https://doi.org/10.1007/978-3-642-10847-1_37

2009-01-01

Abstract:Multi-pattern search is a time-consuming task in Network Intrusion Detection Systems(NIDS). The processing ability of NIDS cannot catch up with the rapid development of network bandwidth. One intuitive idea is to use pre-filtering to reduce the workload of NIDS. Our goal is to design a novel method for per-filtering which will be ready for an efficient implementation on many-core GPU. Through statistical analysis, we propose a rudimentary method to use 2B ASCII sub patterns as the filter keywords. To reduce the size of the filter keyword set, we use Binary Integer Linear Programming(BILP) for optimization. The number of filter keywords is reduced from 4824 to 362, which is also much smaller then the prefix based and suffix based method. We argue that our method can well utilize the computation power of GPU. Experiments demonstrate that our pre-filter can achieve a good fiter ratio, thus alleviate the burden of NIDS.

WU Zhong,LIU Yan-heng,TIAN Da-xin,ZHANG Yuan-yuan

2007-01-01

Journal of Computer Applications

Abstract:The processing speed of Network Intrusion Detection systems (NIDS) is still low compared with the speed of networks. As a result, few NIDS are applicable in a high-speed network. A distributed NIDS for high-speed networks was presented in this paper. The overall traffic was divided into small slices based on Netfilter, and the algorithm of load balancing was given to ensure that a single slice contained all the necessary evidence to detect a specific attack. The results of experiments show that the packets are almost equally scattered to all NIDS, and the percentage of missed rate declined to 1/4 of single NIDS.

YU Rong,SUN Zhi,CHEN Jia,MEI Shunliang,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2005.10.022

2005-01-01

Abstract:Intrusion detection technology is an indispensable way to protect the network security.This paper presents a high-speed intrusion detection system(IDS framework based on network processor and detection cluster.Two hardware algorithms were developed for the traffic distributor.One is the high-speed data-receiving program with the IXP1200 network processor,while the other is the load balance policy based on the destination media access control(MAC address.Tests show that the first algorithm achieves more than(1 Gb/s data-capturing ability,while the second algorithm is a satisfactery trade-off between protecting information integrity and reducing computational complexity.

Ziqian Wan,Gang Liang,Tao Li

DOI: https://doi.org/10.4304/jnw.7.9.1327-1333

2012-01-01

Journal of Networks

Abstract:It is becoming increasingly hard to build an intrusion detection system (IDS), because of the higher traffic throughput and the rising sophistication of attacking. Scale will be an important issue to address in the intrusion detection area. For hardware, tomorrow’s performance gains will come from multi-core architectures in which a number of CPU executes concurrently. We take the advantage of multi-core processors’ full power for intrusion detection in this work. We present an intrusion detection system based on the Snort open-source IDS that exploits the computational power of MIPS multi-core architecture to offload the costly pattern matching operations from the CPU, and thus increase the system’s processing throughput. A preliminary experiment demonstrates the potential of this system. The experiment results indicate that this method can be used effectively to speed up intrusion detection systems.

WENG Wen-xiang,QIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.04.035

2009-01-01

Abstract:Network Intrusion Detection and Prevention Systems are full of vitality in the fight against network intrusions.Network Intrusion Prevention System(NIPS)search for certain malicious content based on signatures and filter network traffic.Matching all traffic with these signatures is a challenge to high-speed networks.In this paper,the concept of network intrusion prevention system and its features are described.Then it introduces in detail the composition and structure of Intel High-Speed Network Processor is discussed,and analyzes the basic theory of IPS analyzed.Finally,the NIPS design and an implementation based on Intel High-Speed Network Processor is given.

Xie Da-bin,Liang Gang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2013.03.003

2013-01-01

Abstract:With the popularization of high-speed network,the traditional intrusion prevention system in high speed packet capture and real-time processing,has already can't meet the requirements of the performance.The paper proposed a kind of high performance intrusion prevention system,PF_RING DNA Intrusion Prevention System: PDIPS.PDIPS run on general multi-core platform,it used the PF_RING DNA technology to realize the packet capture in wire speed,at the same time,multithreading and CPU binding technology is used for parallel packets processing,to improve the overall performance.The test results show that under the same test environ-ment,PDIPS compared to traditional intrusion prevention scheme in performance has preferably improved,can adapt to the needs of the gigabit environment.

杨武,方滨兴,云晓春,张宏莉,胡铭曾

DOI: https://doi.org/10.3969/j.issn.1007-5321.2004.04.017

2004-01-01

Abstract:The performance bottleneck of the traditional network intrusion detection system (NIDS) is investigated in order to design and implement a high-performance distributed intrusion detection system (HDIDS) to detect network intruders by passively monitoring a network link. Experiments indicate that the data processing of our HDIDS is increased by about 3 times more than that of the traditional NIDS.

Zhicheng Luo,Weijia Ding,Anmin Fu,Zhiyi Zhang,Linjie Zhang

DOI: https://doi.org/10.1007/978-981-15-9129-7_5

2020-01-01

Abstract:In the era of high-speed information, network technology facilitates our life. When we enjoy the service with high quality, various new intrusion methods have also emerged. Network attacks are more challenging to be detected by security applications under the cover of large-scale flow, threatening the security of cyberspace constantly. In view of the increasingly severe security situation, this paper proposes a high-speed network attack detection framework based on feature selection optimization to overcome the difficulties. It quickly collects data packets through the design of the DPDK mechanism, combines the data sampling method based on the genetic algorithm, and the improved feature selection algorithm to optimize the training model. The integration of incremental learning increases the autonomous detection capability of the framework, which is more suitable for intricate network environments. Finally, we verified the validity of our work by experiments and simulated the actual attacks to test the detection effect in the real network.

Yizhen Liu,Daxiong Xu,Dong Liu,Lingge Sun

DOI: https://doi.org/10.1109/WKDD.2009.111

2009-01-01

Abstract:The current hardware architectures of intrusion detection system have several limitations on performance and configurability. In this paper we describe the architecture design and hardware implementation of gigabits NIDS using a programmable network processor and a FPGA co-processor. We discuss the requirements of NIDS, system hardware architecture and report measurements. In particular, we demonstrate performance improved by optimized parallel pattern match processing and efficient memory access in field programmable gate array (FPGA). We show an NIDS which can exploit our approach hardware platform, and make suggestions about implementation features that can significantly improve the performance and configurability of intrusion detection systems.