A Parallel Architecture for Stateful, High-Speed Intrusion Detection

Authors:
Luca Foschini;Ashish V. Thapliyal;Lorenzo Cavallaro;Christopher Kruegel;Giovanni Vigna
Affiliations:
Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara;Department of Computer Science, University of California, Santa Barbara
Venue:
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Year:
2008

Citing 12
Cited 4

A high-performance network intrusion detection system

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Stateful Intrusion Detection for High-Speed Networks

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
VDE: Virtual Distributed Ethernet

TRIDENTCOM '05 Proceedings of the First International Conference on Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities
Exploiting Independent State For Network Intrusion Detection

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
An Active Splitter Architecture for Intrusion Detection and Prevention

IEEE Transactions on Dependable and Secure Computing
Co-ordinated port scans: a model, a detector and an evaluation methodology

Co-ordinated port scans: a model, a detector and an evaluation methodology
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Elections in a Distributed Computing System

IEEE Transactions on Computers
Validity of the single processor approach to achieving large scale computing capabilities

AFIPS '67 (Spring) Proceedings of the April 18-20, 1967, spring joint computer conference
The NIDS cluster: scalable, stateful network intrusion detection on commodity hardware

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A Memory-Efficient Parallel String Matching Architecture for High-Speed Intrusion Detection

IEEE Journal on Selected Areas in Communications

Network-wide deployment of intrusion detection and prevention systems

Proceedings of the 6th International COnference
Modeling a distributed intrusion detection system using collaborative building blocks

ACM SIGSOFT Software Engineering Notes
MIDeA: a multi-parallel intrusion detection architecture

Proceedings of the 18th ACM conference on Computer and communications security
Wild-Inspired Intrusion Detection System Framework for High Speed Networks f|p IDS Framework

International Journal of Information Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

The increase in bandwidth over processing power has made stateful intrusion detection for high-speed networks more difficult, and, in certain cases, impossible. The problem of real-time stateful intrusion detection in high-speed networks cannot easily be solved by optimizing the packet matching algorithm utilized by a centralized process or by using custom-developed hardware. Instead, there is a need for a parallel approach that is able to decompose the problem into subproblems of manageable size. We present a novel parallel matching algorithm for the signature-based detection of network attacks. The algorithm is able to perform stateful signature matching and has been implemented only using off-the-shelf components. Our initial experiments confirm that, by making the rule matching process parallel, it is possible to achieve a scalable implementation of a stateful, network-based intrusion detection system.