• DocumentCode
    1839361
  • Title

    Design of SPI module in large-scale network

  • Author

    Yoon, Seungyong ; Oh, Jintae ; Jang, Jongsoo

  • Author_Institution
    Electron. & Telecommun. Res. Inst.
  • Volume
    3
  • fYear
    2006
  • fDate
    20-22 Feb. 2006
  • Lastpage
    1711
  • Abstract
    One of the major problems and limiting factor with network-based IDS(NIDS) is the high false positive alert rate. In order to reduce these false positive alerts, a lot of methods and techniques are proposed. Stateful packet inspection (SPI) is one of these solutions. Stateless IDSs generate tremendous false positive alerts while stick or snot attempts to attack. Most existing NIDS have SPI modules which supports statefulness but they don´t satisfy high-performance in gigabit Internet environment. To solve this problem, we propose a hardware based SPI module that supports up to 1 million connections with 2-step state management scheme in this paper
  • Keywords
    Internet; computer network management; modules; security of data; 2-step state management scheme; false positive alert rate; gigabit Internet environment; hardware based SPI module design; intrusion detection; large-scale network; limiting factor; network-based IDS; snot attempts; stateful packet inspection; stateless IDS; Field programmable gate arrays; Hardware; Inspection; Intelligent networks; Internet; Intrusion detection; Large-scale systems; Resource management; Telecommunication traffic; Testing; Network Intrusion Detection; Session Tracking; Stateful Packet Inspection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Communication Technology, 2006. ICACT 2006. The 8th International Conference
  • Conference_Location
    Phoenix Park
  • Print_ISBN
    89-5519-129-4
  • Type

    conf

  • DOI
    10.1109/ICACT.2006.206317
  • Filename
    1625922
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1839361