SANS: a scalable architecture for network intrusion prevention with stateful frontend

Authors:
Fei He;Yaxuan Qi;Yibo Xue;Jun Li
Affiliations:
Tsinghua University, Beijing, China;Tsinghua University, Beijing, China;Tsinghua University, Beijing, China and Tsinghua National Lab for Information Science and Technology, Beijing, China;Tsinghua University, Beijing, China and Tsinghua National Lab for Information Science and Technology, Beijing, China
Venue:
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Year:
2009

Citing 2
Cited 1

Packet pre-filtering for network intrusion detection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

OASis: towards extensible open-architecture services platforms

Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Inline stateful and deep inspection for intrusion prevention is becoming more challenging due to the increase in both the volume of network traffic and the complexity of the analysis requirements. In this work, we pursue a novel architectural approach, named SANS, which takes both the advantage of new generation network processors for packet-header-based processing and the advantage of commodity x86 platforms for packet payload data processing. A session table scheme is designed for the stateful frontend in SANS to achieve wire speed inline processing.