Code Generation for Packet Header Intrusion Analysis on the IXP1200 Network Processor
نویسندگان
چکیده
We present a software architecture that enables the use of the IXP1200 network processor in packet header analysis for network intrusion detection. The proposed work consists of a simple and efficient run-time infrastructure for managing network processor resources, along with the S2I compiler, a tool that generates efficient C code from highlevel, human readable, intrusion signatures. This approach facilitates the employment of the IXP1200 in network intrusion detection systems while our experimental results demonstrate that provides performance comparable to hand-crafted code.
منابع مشابه
A network intrusion detection system on IXP1200 network processors with support for large rule sets
In this paper we describe an network intrusion detection system implemented on the IXP1200 network processor. It is aimed at detecting worms at high speeds by matching the payload of network packets against worm signatures at the lowest possible levels of the processing hierarchy (the microengines of an IXP1200 network processor). The solution employs the AhoCorasick algorithm in a parallel fas...
متن کاملNP-Click: A Programming Model for the Intel IXP1200
The architectural diversity and complexity of network processor architectures motivate the need for a more natural abstraction of the underlying hardware. In this paper, we describe a programming model, NP-Click, which makes it possible to write efficient code and improve application performance without having to understand all of the details of the target architecture. Using this programming m...
متن کاملTowards Software-Based Signature Detection for Intrusion Prevention on the Network Card
CardGuard is a signature detection system for intrusion detection and prevention that scans the entire payload of packets for suspicious patterns and is implemented in software on a network card equiped with an Intel IXP1200 network processor. One card can be used to protect either a single host, or a small group of machines connected to a switch. CardGuard is non-intrusive in the sense that no...
متن کاملNetwork Processor based Router and the Cache Design: Implementation and Evaluation
High performance routers are mostly implemented with network processors because of their software programmability, hardware computation power, and high bandwidth interface design. In this paper, a 5-dimensional packet classification algorithm based on the hierarchal binary prefix search is first implemented in IXP1200 network processor. Our classification implementation is faster and smaller th...
متن کاملToward Comprehensive Traffic Generation for Online IDS Evaluation
We describe a traffic generation framework for conducting online evaluations of network intrusion detection systems over a wide range of realistic conditions. The framework integrates both benign and malicious traffic, enabling generation of IP packet streams with diverse characteristics from the perspective of (i) packet content (both header and payload), (ii) packet mix (order of packets in s...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003