Title: Rule Set Decomposition for Hardware Network Intrusion Detection
Authors: Ramirez, Timothy; Lo, Chia-Tien Dan
Journal/Conference: 2004 ICS Conference
Abstract: This paper describes the work being done to minimize hardware requirements for a hardware-assisted Network Intrusion Detection System (NIDS). This system will use a core Intrusion Detection System (IDS) in a distributed manner. The distribution is beneficial for two reasons. First, the system will not have a single point at which an attacker can direct attack traffic for the purpose of overloading the IDS. Second, due to the number of attacks and corresponding signatures, it is not feasible to design a system using programmable hardware that recognizes all signatures. The NIDS Snort will be augmented by passing the packet matching function to a Field Programmable Gate Array (FPGA). Snort's rule set consists of tens of hundreds of "signatures" and is decomposed to minimize the capacity of FPGAs necessary to implement the entire rule set. The circuit is based on a Finite Automaton where each character represents a state. First, the rules are broken down into common groups that share similar characters. These groups are then used to decompose the entire rule set into logical sets whose patterns can be matched with a simple string matching circuit. After reducing the rule set by taking advantage of character repetition, we are left with about 51% of the states necessary to match all of the patterns. This state reduction translates to a smaller circuit used to match all of the patterns, and the circuit can be implemented in as few devices as possible.
Date: 2006-10-16T03:38:14Z
Collection: 2004 ICS International Computer Symposium
Files in this item:

File | Description | Size | Format
---|---|---|---
ce07ics002004000212.pdf | | 329.6 kB | Adobe PDF