Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

Jia-chun LI,Ling ZHANG

DOI: https://doi.org/10.3321/j.issn:1000-436X.2006.z1.014

2006-01-01

Abstract:Nowadays it is hot and difficult to improve attack detection rate and processing capability of intrusion detection system on high-speed environment. Parallel IDS based on network processor (NPBPIDS) is researched and implemented in this paper. The following methods are incorporated to improve system performance: the first is the use of IXP2400 network processor, where the traffics are collected speedily and splitted so as to keep streams as evenly loaded as possible. Early filtering of no payload packets and session-oriented dynamic feedback load balancing algorithm are used in traffic splitter. The second is the use of host arrays where the content of traffics with payload are detected. The experimental results demonstrate that it is availability and feasibility.

蔡志平,刘书昊,王晗,曹介南,徐明

DOI: https://doi.org/10.3778/j.issn.1673-9418.1212017

2013-01-01

Abstract:The performance of single setup based network intrusion detection system (NIDS) is used to be improved by using custom hardware or modifying detection algorithms, but it wouldn’t meet the requirement for link speed up to 10 Gb/s. Parallel detection using multi detection sensors is the import way to implement the high performance intrusion detection. The parallel detection system can coordinately use multiple detection sensors to detect intrusions in parallel, which characterizes it with high performance and scalability. This paper summarizes the challenges of keeping the proof used for detecting attacks and balancing the load among sensors, and discusses various solutions to the challenges. This paper also considers the advantages of existing parallel detection technologies, proposes a uniformed parallel detection architecture (UPDA) that supports parallel detection with multi detection sensors. Based on NetMagic platform and UPDA, this paper designs and implements a parallel intrusion detection prototype system, and evaluates its performance in the network environment.

Ziqian Wan,Gang Liang,Tao Li

DOI: https://doi.org/10.4304/jnw.7.9.1327-1333

2012-01-01

Journal of Networks

Abstract:It is becoming increasingly hard to build an intrusion detection system (IDS), because of the higher traffic throughput and the rising sophistication of attacking. Scale will be an important issue to address in the intrusion detection area. For hardware, tomorrow’s performance gains will come from multi-core architectures in which a number of CPU executes concurrently. We take the advantage of multi-core processors’ full power for intrusion detection in this work. We present an intrusion detection system based on the Snort open-source IDS that exploits the computational power of MIPS multi-core architecture to offload the costly pattern matching operations from the CPU, and thus increase the system’s processing throughput. A preliminary experiment demonstrates the potential of this system. The experiment results indicate that this method can be used effectively to speed up intrusion detection systems.

彭蔓蔓,喻飞,李仁发

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.04.042

2004-01-01

Abstract:To change the situation of that currently the process speed of intrusion detection system can' t keep up with the high speed of network,this article proposes a new network intrusion detection system architecture by redesigning the IDS's architecture and arithmetic. The new architecture adopts the network processor to collect and analyze the date in the low level of network. It enhances the speed and efficiency of IDS and can adapt to high speed network.

Chun Jason Xue,Zili Shao,Meilin Liu,Qingfeng Zhuge,Edwin H. -M. Sha

DOI: https://doi.org/10.1007/978-3-540-77092-3_8

2007-01-01

Abstract:With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stepping malicious attacks at the source and preventing viruses and worms from wide spreading. The key component in a successful network intrusion detection system is a high performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware based network intrusion detection system, that can handle variable pattern length efficiently and effectively. Pattern matchings are completed in O(log M) time where M is the longest pattern length. Implementation is done on a standard off-the-shelf FPGA. Comparison with the other techniques shows promising results.

Xiang Wang,Yaxuan Qi,Baohua Yang,Yibo Xue,Jun Li

DOI: https://doi.org/10.1109/icpads.2009.109

2009-01-01

Abstract:Network intrusion prevention system (NIPS) becomes more complex due to the rapid growth of network bandwidth and requirement of network security. However existing solutions, either hardware-based or software-based cannot obtain a good tradeoff between performance and flexibility. In this paper, we propose a parallel NIPS architecture using emerging network services processor. To resolve the problems and bottlenecks of high-speed processing, we investigate the main design aspects which have dramatic impacts on most parallel network security system implementations: efficient and flexible pipeline and parallel processing, flow-level packet-order preserving, and latency hiding of deep packet inspection. To these key points, we address several optimizations and modifications with an architecture-aware design principle to guarantee high performance and flexibility of the NIPS on a network services processor implementation. Performance evaluation shows that, our prototype NIPS on Cavium OCTEON3860 processor can reach line-rate stateful inspection and multi-Gbps deep inspection performance.

Haiguang Lai,Shengwen Cai,Hao Huang,Junyuan Xie,Hui Li

DOI: https://doi.org/10.1007/978-3-540-24852-1_32

2004-01-01

Abstract:The process speed of network-based intrusion detection systems (NIDSs) is still low compared with the speed of networks. As a result, few NIDS is applicable in a high-speed network. A parallel NIDS for high-speed networks is presented in this paper. By dividing the overall traffic into small slices, several sensors can analyze the traffic concurrently and significantly increase the process speed. For most attacks, our partition algorithm ensures that a single slice contains all the evidence necessary to detect a specific attack, making sensor-to-sensor interaction unnecessary, Meanwhile, by making use of the character of the network traffic, the algorithm can also dynamically balance all sensors' loads. To keep the system as simple as possible, a specific sensor is used to detect the scan and the DoS attack. Although only one sensor is used for this kind of attacks, we argue that our system can still provide high process ability....

Zhang Jin,Feng Siling,Lu Chunyan

2009-01-01

Abstract:With the development of network application,the network bandwidth increased faster and faster,the system of network capture and filter is the key factor on function of network intrusion detection system(NIDS) as the support system of NIDS,the application of Intel IXP2400 network processor with higher functionality and higher programmable ability overcome the restriction of traditional capture and filter system with CPU architecture and combine the functionality and flexibility and achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added.This paper provides an approach to achieve efficient data filtering with integrate multiprocessor and optimal rules set on Intel IXP2400.

YU Rong,SUN Zhi,CHEN Jia,MEI Shunliang,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2005.10.022

2005-01-01

Abstract:Intrusion detection technology is an indispensable way to protect the network security.This paper presents a high-speed intrusion detection system(IDS framework based on network processor and detection cluster.Two hardware algorithms were developed for the traffic distributor.One is the high-speed data-receiving program with the IXP1200 network processor,while the other is the load balance policy based on the destination media access control(MAC address.Tests show that the first algorithm achieves more than(1 Gb/s data-capturing ability,while the second algorithm is a satisfactery trade-off between protecting information integrity and reducing computational complexity.

Wenbin Yao,Cong Wang,Jianyi Liu,Yan Fang Si,Yixian Yang

2009-01-01

Abstract:Parallel approach is an important way to improve the performance of networked based intrusion detection system. A parallel architecture of intrusion detection system based on the ideas of combining twice data-flow partition with real-time load balancing feedback is presented. The components of data-flow partition and its optimized algorithm are designed and implemented. The experiment shows that the architecture may have higher speed and lower packet loss in high-speed network circumstance. Thus, it may raise the speed of data transmission and improve the efficiency of parallel intrusion detection.

WENG Wen-xiang,QIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.04.035

2009-01-01

Abstract:Network Intrusion Detection and Prevention Systems are full of vitality in the fight against network intrusions.Network Intrusion Prevention System(NIPS)search for certain malicious content based on signatures and filter network traffic.Matching all traffic with these signatures is a challenge to high-speed networks.In this paper,the concept of network intrusion prevention system and its features are described.Then it introduces in detail the composition and structure of Intel High-Speed Network Processor is discussed,and analyzes the basic theory of IPS analyzed.Finally,the NIPS design and an implementation based on Intel High-Speed Network Processor is given.

Tian Daxin,Xiang Yang

DOI: https://doi.org/10.1109/npc.2008.19

2008-01-01

Abstract:Integrated multi-core processors with on-chip application acceleration have established themselves as the most efficient method of powering next-generation networking platforms. New research has been conducted for addressing the issues of multi-core supported network and system security. This paper put forward an asymmetrical multiprocessing architecture multi-core supported anomaly intrusion detection system. The key idea is to use an independent core to run the intrusion detection system to monitor the host system. The detection method is based on the Hebb rule and uses libpcap to grab the network transmission packages. In the experiments, we use VMware which is configured to run the Ubuntu to simulate the IDS core. The results show that when the intrusion threshold is 0.3-0.5 the system performs best.

Zhang Wenliang,Hu Yueming,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1007-757X.2006.05.010

2006-01-01

Abstract:IXP2400 is a new generation network processor made by Intel Corporation and Intrusion Detection is a kind of network security technology fast developing in recent years. This paper introduces two ways to implement Intrusion Detection on IXP2400 network processor and compares them with each other. Finally it gives a performance analysis of these two ways.

JM Yu,J Li

2005-01-01

Abstract:At the heart of almost every modern Network Intrusion Detection System (NIDS), there is a pattern matching engine (PME). As pattern matching is the most time consuming operation in NIDS, it is highly desired to reduce the pattern matching time of each packet or flow. This paper proposed a parallel pattern matching algorithm based on Aho-Corasick (AC) algorithm and an efficient load balance policy for it. The method is implemented on Intel's IXP2850 Network Processor (NP). Experimental results show that when using eight processors, the pattern matching time of each packet or flow can decrease to 60.44%similar to 14.42%. Based on the parallel algorithm, a PME utilizing parallel processing on three levels is proposed. Experimental results on IXP2850 show that the throughput speedup of pattern matching is 13.34 similar to 55.48 times.

Zhuojun Zhuang,Yuan Luo,Minglu Li,Chuliang Weng

DOI: https://doi.org/10.1109/chinagrid.2008.27

2008-01-01

Abstract:The processing speed of conventional network-based intrusion detection systems (NIDSs) is incompetent as to the rapid increase in network link speed. This problem imposes an emerging need for new detection technologies. In this paper, we introduce a multi-core technique which opens up another way for fast intrusion detection by proper workload partitioning and parallel detection on high-speed link. We present an abstract model of NIDS on multi-core platform and discuss the optimal solution when minimum memory occupation achieves. A preliminary example shows the model configuration and presents a first experimental evaluation.

Zhang Jin,Xu Rongsheng,Ren Yifan,Feng Siling,Lu Chunyan

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.07.033

2006-01-01

Abstract:Network Intrusion Detection System is the core equipment in information safety system.Traditional intrusion detection engines which have been implemented by either software or hardware do not have both high performance and enough flexibility.To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added,this paper proposes a high performance network intrusion detection system using Intel's network processor IXP2400.

YAO Jun-Xi,LIANG Gang,GONG Xun,HAN Zhong-Qiu

DOI: https://doi.org/10.3969/j.issn.0490-6756.2010.02.010

2010-01-01

Abstract:Requirements for a high-quality Intrusion Prevention System(IPS)are becoming more and more demanding with the wide use of high speed Ethernet and increasing complexity of network intrusion. By the analysis of the working principles in the traditional IPS,a improved IPS based on the multicore processor is designed and implemented.In this system,multicore processing units are divided into groups among which the data can be transmitted by building shared cache queues.In this way,IPS can work parallelized with a multicore processor.The results of our experiments demonstrate that the efficiency is greatly enhanced and that the packet loss ratio decreases.

Ziming Zhao,Zhaoxuan Li,Zhuoxue Song,Fan Zhang

DOI: https://doi.org/10.1109/rtss59052.2023.00045

2023-01-01

Abstract:Existing Deep Learning (DL)-based network Intrusion Detection System (IDS) is able to characterize sequence semantics of traffic and discover malicious behaviors. Yet DL models are often nonlinear and highly non-convex functions that are difficult for in-network real-time deployment, i.e., existing DL solutions are essentially offline analysis. In this paper, we present RIDS, a hardware-friendly Recurrent Neural Network (RNN) model that is co-designed with programmable switches. As its core, RIDS is powered by two tightly-coupled components: (i) rLearner, the RNN learning module with in-network deployability as the first-class requirement; and (ii) rEnforcer, the concrete pipeline design to realize rLearner-generated models inside the network dataplane. We implement a prototype of RIDS and evaluate it on our physical testbed. The experiments show that RIDS could satisfy both detection performance and high-speed bandwidth adaptation simultaneously, when none of the other existing approaches could do so. Inspiringly, RIDS realizes remarkable intrusion/malware detection effect (e.g., ∽99% F1 score) and model deployment (e.g., 100 Gbps per port), while only imposing nanoseconds of latency.

Hai-guang LAI,Hao HUANG,Jun-yuan XIE

2005-01-01

Journal of Computer Applications

Abstract:Network-based intrusion detection system (NIDS) detects attacks by capturing and analyzing network packets. As network band increases, NIDS can hardly keep up with the speed of networks. A method of improving NIDS' process ability using symmetric multi-processor (SMP) was proposed in the paper. Several CPUs of the system were used to process network packets in parallel to improve the performance. After analyzing NIDS' process procedure, an effective parallel processing structure was devised, which guaranteed threads on different CPUs running in parallel. Moreover, the synchronization method of threads proposed avoided the mutually exclusive access to the shared resource, which further increased the parallelity of threads, and guaranteed the correctness of the functionality of the program. Experiments show that the NIDS implemented on a SMP system with dual CPUs is almost 80% faster than the one based on a system with unique CPU.