Detail publikace

Intrusion Detection System Intended for Multigigabit Networks

KOŘENEK, J. KOBIERSKÝ, P.

Originální název

Intrusion Detection System Intended for Multigigabit Networks

Typ

článek ve sborníku mimo WoS a Scopus

Jazyk

angličtina

Originální abstrakt

Network intrusion detection systems (IDS) are becoming an important toolfor securing critical information and infrastructure. Currentsoftware-based IDS often fails to keep up with high-speed network links soa hardware based IDS is requested. This paper deals with design andimplementation of complete hardware accelerated IDS solution based onField-Programmable Gate Array (FPGA). Core generator for automatic mappingof IDS rules to FPGA logic was designed to assure fast packetclassification and high speed pattern matching. Proposed architecture hasbeen evaluated on a COMBO6X card with FPGA Virtex-II Pro. Using COMBO6Xcard theoretical throughput 6.4~Gbps was achieved for all Snort rules. Thedesigned system can be configured by rules described in Snort format usingweb interface.

Klíčová slova

Traffic Scanner, Snort, IDS, pattern matching

Autoři

KOŘENEK, J.; KOBIERSKÝ, P.

Rok RIV

2007

Vydáno

24. 8. 2007

Nakladatel

IEEE Computer Society

Místo

Krakow

ISBN

978-1-4244-1161-0

Kniha

2007 IEEE Design and Diagnostics of Electronic Circuits and Systems

Strany od

361

Strany do

364

Strany počet

4

BibTex

@inproceedings{BUT28816,
  author="Jan {Kořenek} and Petr {Kobierský}",
  title="Intrusion Detection System Intended for Multigigabit Networks",
  booktitle="2007 IEEE Design and Diagnostics of Electronic Circuits and Systems",
  year="2007",
  pages="361--364",
  publisher="IEEE Computer Society",
  address="Krakow",
  isbn="978-1-4244-1161-0"
}