• DocumentCode
    2001789
  • Title

    YACA: Yet Another Cluster-Based Architecture for Network Intrusion Prevention

  • Author

    He, Fei ; Qi, Yaxuan ; Xue, Yibo ; Li, Jun

  • Author_Institution
    Dept. of Autom., Tsinghua Univ., Beijing, China
  • fYear
    2010
  • fDate
    6-10 Dec. 2010
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Inline stateful and deep inspection for network intrusion prevention system (NIPS) is progressively challenging to cope with the fast growing volume and ever increasing complexity of network traffic. Traditional cluster-based architectures provide a solution for scalable and high performance NIPS, but with some common limitations. This paper proposed yet another cluster-based architecture (YACA) with a stateful traffic splitter. As an architectural approach for building a high performance NIPS, we present a novel design of stateful traffic splitter. The performance of its network processor implemented prototype demonstrates that such a design is suitable for the proposed architecture.
  • Keywords
    telecommunication security; telecommunication traffic; NIPS; cluster based architecture; network intrusion prevention system; network processor; network traffic; traffic splitter; Correlation; Data structures; Engines; Hardware; Intrusion detection; Load management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE
  • Conference_Location
    Miami, FL
  • ISSN
    1930-529X
  • Print_ISBN
    978-1-4244-5636-9
  • Electronic_ISBN
    1930-529X
  • Type

    conf

  • DOI
    10.1109/GLOCOM.2010.5684122
  • Filename
    5684122
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2001789