Title :
Snort offloader: a reconfigurable hardware NIDS filter
Author :
Song, Haoyu ; Sproull, Todd ; Attig, Mike ; Lockwood, John
Author_Institution :
Dept. of Comput. Sci. & Eng., Washington Univ. in St. Louis, MO, USA
Abstract :
Software-based network intrusion detection systems (NIDS) often fail to keep up with high-speed network links. In this paper an FPGA-based pre-filter is presented that reduces the amount of traffic sent to a software-based NIDS for inspection. Simulations using real network traces and the Snort rule set show that such a pre-filter can remove up to 90% of the traffic that the Snort software would otherwise have had to process. The projected performance allows a single computer to perform real-time intrusion detection for malicious content on a 10 Gbps link: the FPGA hardware operates at 10 Gbps, while the software needs to sustain only 1 Gbps.
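The abstract describes the offloading idea only at the level of throughput numbers. The following is an added software model of that idea, written for this page and not the authors' FPGA design: a cheap first stage checks each packet against the header fields (protocol, destination port) and the first few bytes of the content string of every Snort rule, and forwards to the full software matcher only packets that could still match some rule. The rule subset, the `PREFIX_LEN` parameter, the rule texts and the packet trace are all constructed for the demonstration; the one property a practitioner must check in any such pre-filter, that it never drops a packet the full rule set would have alerted on, is asserted at the end.

```python
# Added software model of a header + content-prefix pre-filter in front of Snort.
# Illustration written for this page, not the paper's FPGA implementation.
# Assumptions (constructed): the first stage can compare protocol, destination
# port and the first PREFIX_LEN bytes of each rule's first content: string.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

PREFIX_LEN = 4  # constructed: bytes of content the "hardware" stage compares

@dataclass(frozen=True)
class Rule:
    sid: int
    proto: str               # "tcp" or "udp"
    dst_port: Optional[int]  # None means "any"
    content: bytes           # first content: option of the rule

@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int
    payload: bytes

# Handles only the subset used below: plain-text content, no |hex|, no nocase.
RULE_RE = re.compile(r'^alert\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$')

def parse_rule(text: str) -> Rule:
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    proto, dport, opts = m.group(1), m.group(2), m.group(3)
    content = re.search(r'content:"([^"]*)"', opts).group(1).encode()
    sid = int(re.search(r'sid:(\d+)', opts).group(1))
    return Rule(sid, proto, None if dport == "any" else int(dport), content)

def build_prefilter(rules: List[Rule]) -> Dict[Tuple[str, Optional[int]], Set[bytes]]:
    """Index by (proto, dst_port): the set of content prefixes to look for."""
    table: Dict[Tuple[str, Optional[int]], Set[bytes]] = {}
    for r in rules:
        table.setdefault((r.proto, r.dst_port), set()).add(r.content[:PREFIX_LEN])
    return table

def prefilter_pass(table, pkt: Packet) -> bool:
    """True if the packet could still match some rule and must go to software."""
    for key in ((pkt.proto, pkt.dst_port), (pkt.proto, None)):
        if any(prefix in pkt.payload for prefix in table.get(key, ())):
            return True
    return False

def snort_match(rules: List[Rule], pkt: Packet) -> List[int]:
    """Full software check: exact header match and the whole content string."""
    return [r.sid for r in rules
            if r.proto == pkt.proto
            and r.dst_port in (None, pkt.dst_port)
            and r.content in pkt.payload]

def simulate(rule_texts: List[str], packets: List[Packet]):
    """Return (forwarded indices, traffic reduction, alerts without and with pre-filter)."""
    rules = [parse_rule(t) for t in rule_texts]
    table = build_prefilter(rules)
    forwarded = [i for i, p in enumerate(packets) if prefilter_pass(table, p)]
    alerts_unfiltered = {i: snort_match(rules, p) for i, p in enumerate(packets)
                         if snort_match(rules, p)}
    alerts_prefiltered = {i: snort_match(rules, packets[i]) for i in forwarded
                          if snort_match(rules, packets[i])}
    reduction = 1.0 - len(forwarded) / len(packets)
    return forwarded, reduction, alerts_unfiltered, alerts_prefiltered

# Constructed rule set and packet trace for the demonstration.
RULES = [
    'alert tcp any any -> any 80 (msg:"cgi-bin access"; content:"/cgi-bin/"; sid:1001;)',
    'alert tcp any any -> any 21 (msg:"FTP SITE EXEC"; content:"SITE EXEC"; sid:1002;)',
    'alert udp any any -> any any (msg:"udp marker"; content:"PING"; sid:1003;)',
]
PACKETS = [
    Packet("tcp", 80, b"GET /cgi-bin/phf HTTP/1.0\r\n"),
    Packet("tcp", 80, b"GET /index.html HTTP/1.0\r\n"),
    Packet("tcp", 80, b"GET /img/logo.png HTTP/1.0\r\n"),
    Packet("tcp", 443, b"\x16\x03\x01\x00\x05hello"),
    Packet("tcp", 21, b"SITE EXEC %p%p%p\r\n"),
    Packet("tcp", 21, b"USER anonymous\r\n"),
    Packet("tcp", 21, b"SITE HELP\r\n"),            # prefix hits, full rule does not
    Packet("udp", 53, b"\x12\x34\x01\x00\x00\x01"),
    Packet("udp", 9999, b"PING"),
    Packet("tcp", 22, b"SSH-2.0-OpenSSH_9.0\r\n"),
]

if __name__ == "__main__":
    fwd, red, full, after = simulate(RULES, PACKETS)
    print(f"forwarded {len(fwd)}/{len(PACKETS)} packets, reduction {red:.0%}")
    print("alerts without pre-filter:", full)
    print("alerts with pre-filter:   ", after)
    assert full == after, "pre-filter dropped a packet Snort would have alerted on"
```

On this trace the first stage forwards 4 of 10 packets, one of them (the `SITE HELP` command) a false positive that the full matcher then clears; the pre-filter is an over-approximation by construction, so the software stage still sees every packet that any rule would match, and the reduction figure depends entirely on how selective the rule headers and content prefixes are against the actual traffic mix.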
Keywords :
fault tolerant computing; field programmable gate arrays; filters; reconfigurable architectures; security of data; telecommunication congestion control; FPGA hardware; FPGA-based pre-filter; NIDS filter; Snort offloader; Snort rule set; Snort software; high-speed network links; malicious content passing; network intrusion detection systems; network traffic; real network traces; real-time intrusion detection; reconfigurable hardware; software-based NIDS; Computational modeling; Computer networks; Filters; Hardware; High-speed networks; Inspection; Intrusion detection; Telecommunication traffic; Throughput; Traffic control;
Conference_Title :
Field Programmable Logic and Applications, 2005. International Conference on
Print_ISBN :
0-7803-9362-7
DOI :
10.1109/FPL.2005.1515770