A Novel Hardware Architecture with High Accuracy and Low Power for Intrusion Detection Engine
Network intrusion detection system (NIDS) is an indispensable part of modern information networks security defense architecture. To use snort, a Lightweight Intrusion Detection System 1, to detect malicious activities over the network or in a host computer, we need classify network packets using signatures firstly, based on the header fields. Besides, we need a deep packet content string matching to make sure the packet was exactly malicious according to the snort rules. This paper proposes a novel hardware-based architecture of snort intrusion detection engine with high accuracy and low power.
NIDS Snort packets classification TCAM Tree Bitmap deep packets inspection Split Aho_Corasick
HUANG Peng LIU Wei GUO Yuanbo
Institute of Electronic Technology, the PLA Information Engineering University, Zhengzhou 450004, China
国际会议
第八届国际测试技术研讨会(8th International Symposium on Test and Measurement)
重庆
英文
3464-3467
2009-08-01(万方平台首次上网日期,不代表论文的发表时间)