  • DocumentCode
    2139912
  • Title
    Snort offloader: a reconfigurable hardware NIDS filter
  • Author
    Song, Haoyu ; Sproull, Todd ; Attig, Mike ; Lockwood, John
  • Author_Institution
    Dept. of Comput. Sci. & Eng., Washington Univ. in St. Louis, MO, USA
  • fYear
    2005
  • fDate
    24-26 Aug. 2005
  • Firstpage
    493
  • Lastpage
    498
  • Abstract
    Software-based network intrusion detection systems (NIDS) often fail to keep up with high-speed network links. In this paper an FPGA-based pre-filter is presented that reduces the amount of traffic sent to a software-based NIDS for inspection. Simulations using real network traces and the Snort rule set show that a pre-filter can reduce up to 90% of network traffic that would have otherwise been processed by Snort software. The projected performance enables a computer to perform real-time intrusion detection of malicious content passing over a 10 Gbps network using FPGA hardware that operates with 10 Gbps of throughput and software that needs only to operate with 1 Gbps of throughput.
  • Keywords
    fault tolerant computing; field programmable gate arrays; filters; reconfigurable architectures; security of data; telecommunication congestion control; FPGA hardware; FPGA-based pre-filter; NIDS filter; Snort offloader; Snort rule set; Snort software; high-speed network links; malicious content passing; network intrusion detection systems; network traffic; real network traces; real-time intrusion detection; reconfigurable hardware; software-based NIDS; Computational modeling; Computer networks; Filters; Hardware; High-speed networks; Inspection; Intrusion detection; Telecommunication traffic; Throughput; Traffic control;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Field Programmable Logic and Applications, 2005. International Conference on
  • Print_ISBN
    0-7803-9362-7
  • Type
    conf
  • DOI
    10.1109/FPL.2005.1515770
  • Filename
    1515770