Publication detail
ŠIŠMIŠ, L.; KOŘENEK, J.
Original title
Analysis of TLS Prefiltering for IDS Acceleration
Type
Paper in proceedings indexed in WoS or Scopus
Language
English
Original abstract
Network intrusion detection systems (IDS) and intrusion prevention systems (IPS) have proven to play a key role in securing networks. However, due to their computational complexity, the deployment is difficult and expensive. Therefore, many times the IDS is not powerful enough to handle all network traffic on high-speed network links without uncontrolled packet drop. High-speed packet processing can be achieved using many CPU cores or an appropriate acceleration. But the acceleration has to preserve the detection quality and has to be flexible to handle ever-emerging security threats. One of the common acceleration methods among intrusion detection/prevention systems is the bypass of encrypted packets of the Transport Layer Security (TLS) protocol. This is based on the fact that IDS/IPS cannot match signatures in the packet encrypted payload. The paper provides an analysis and comparison of available TLS bypass solutions and proposes a high-speed encrypted TLS Prefilter for further acceleration. We are able to demonstrate that using our technique, the IDS performance has tripled and at the same time detection results have resulted in a lower rate of false positives. It is designed as a software-only architecture with support for commodity cards. However, the architecture allows smooth transfer of the proposed method to the HW-based solution in Field-programmable gate array (FPGA) network interface cards (NICs).
Keywords
IDS, TLS, DPDK, Prefilter, Suricata, Performance, Acceleration, Throughput, Measurements
Authors
ŠIŠMIŠ, L.; KOŘENEK, J.
Published
21 March 2023
Publisher
Springer Nature Switzerland AG
Place
Madrid
ISBN
978-3-031-28485-4
Book
Passive and Active Measurement 2023
Series
Lecture Notes in Computer Science
ISSN
0302-9743
Periodical
Volume
2023
Number
13882
Country
Federal Republic of Germany
Pages from
85
Pages to
109
Number of pages
25
URL
https://link.springer.com/chapter/10.1007/978-3-031-28486-1_5
BibTeX
@inproceedings{BUT185697,
  author="Lukáš {Šišmiš} and Jan {Kořenek}",
  title="Analysis of TLS Prefiltering for IDS Acceleration",
  booktitle="Passive and Active Measurement 2023",
  year="2023",
  series="Lecture Notes in Computer Science",
  journal="Lecture Notes in Computer Science",
  volume="2023",
  number="13882",
  pages="85--109",
  publisher="Springer Nature Switzerland AG",
  address="Madrid",
  doi="10.1007/978-3-031-28486-1_5",
  isbn="978-3-031-28485-4",
  issn="0302-9743",
  url="https://link.springer.com/chapter/10.1007/978-3-031-28486-1_5"
}