Title :
Architecture for a hardware based, TCP/IP content scanning system [intrusion detection system applications]
Author :
Schuehler, David V. ; Moscola, James ; Lockwood, John
Author_Institution :
Appl. Res. Lab., Washington Univ., DC, USA
Abstract :
Hardware-assisted intrusion detection systems and content scanning engines are needed to process data at multi-Gigabit line rates. These systems, when placed within the core of the Internet, are subject to millions of simultaneous flows, each of which may contain data of interest. Existing IDS systems are not capable of processing millions of flows at Gigabit-per-second data rates. This paper describes an architecture that is capable of performing complete, stateful payload inspection on 8 million TCP flows at 2.5 Gigabits-per-second. To accomplish this, a hardware circuit combines a TCP protocol processing engine, a per-flow state store, and a content scanning engine.
Keywords :
Internet; packet switching; telecommunication network routing; telecommunication security; transport protocols; 2.5 Gbit/s; IDS systems; TCP flows; TCP protocol processing engine; hardware assisted intrusion detection; hardware based TCP/IP content scanning system; intrusion detection systems; packet routing; per flow state store; stateful payload inspection; Bandwidth; Hardware; Inspection; Internet; Intrusion detection; Monitoring; Protocols; Search engines; TCPIP; Telecommunication traffic;
Conference_Title :
11th Symposium on High Performance Interconnects, 2003. Proceedings.
Print_ISBN :
0-7695-2012-X
DOI :
10.1109/CONECT.2003.1231483