Publication detail

Hardware Acceleration of Intrusion Detection Systems for High-Speed Networks

KUČERA, J. KEKELY, L. PUŠ, V. PIECEK, A. KOŘENEK, J.

Original Title

Hardware Acceleration of Intrusion Detection Systems for High-Speed Networks

Type

conference paper

Language

English

Original Abstract

Intrusion Detection Systems (IDS) are among popular technologies for securing computer networks. However, their high computational complexity makes it hard to meet performance goals of modern high-speed networks. This paper aims at an acceleration of IDS by informed packet discarding. Focusing the limited computational resources available to IDS towards only the most relevant parts of incoming traffic and offloading (bypassing) the rest. We show that this controlled (informed) discarding of well-defined traffic portions helps IDS to achieve better results and compare software and FPGA accelerated discarding implementations.

Keywords

Suricata IDS, high-speed networks, hardware acceleration

Authors

KUČERA, J.; KEKELY, L.; PUŠ, V.; PIECEK, A.; KOŘENEK, J.

Released

6. 8. 2018

Publisher

Association for Computing Machinery

Location

Ithaca, NY

ISBN

978-1-4503-5902-3

Book

Proceedings of the 2018 Symposium on Architectures for Networking and Communications Systems

Pages from

177

Pages to

178

Pages count

2

URL

BibTex

@inproceedings{BUT155038,
  author="Jan {Kučera} and Lukáš {Kekely} and Viktor {Puš} and Adam {Piecek} and Jan {Kořenek}",
  title="Hardware Acceleration of Intrusion Detection Systems for High-Speed Networks",
  booktitle="Proceedings of the 2018 Symposium on Architectures for Networking and Communications Systems",
  year="2018",
  pages="177--178",
  publisher="Association for Computing Machinery",
  address="Ithaca, NY",
  doi="10.1145/3230718.3232114",
  isbn="978-1-4503-5902-3",
  url="https://www.fit.vut.cz/research/publication/11796/"
}

Documents