Project Details
Abstract
In the current Internet, a large number of malicious attacks and viruses spread every day. To protect networks from attacks, Network Intrusion Detection Systems (NIDS) have been widely deployed. They monitor packets in the network and scan packet payloads to detect malicious intrusions according to predefined rules called patterns or signatures. The number of patterns in a NIDS is usually large, for example several thousand. It is time consuming for a NIDS to check each packet to see whether it contains any malicious patterns. Studies reveal that about 75% of the processing time in NIDS is spent on pattern matching. With the fast increase of network speed, NIDS have to perform pattern matching fast enough to keep up with network speed. Since software-based NIDS suffer from speed limitations, hardware-based NIDS appear to be a good choice for the future Internet. Network processors provide scalable and flexible solutions for implementing networking devices such as NIDS. Therefore, this project focuses on designing high-performance NIDS with network processors. In the first year, we aim to design a multi-pattern matching algorithm which can provide a significant performance improvement over state-of-the-art matching algorithms. The key idea is to build a tiny lookup table which can be stored in the L1 cache of network processors, and so reduce the probability of accessing the external memory. Since the latency of one external memory access is far longer than that of one L1 cache access, the time required to process a packet payload can be greatly reduced. In the second year, we plan to extend the results obtained in the first year. The objective of the matching algorithm proposed in the first year is to improve the matching performance with the minimum lookup table. However, different types of network processors have various sizes of L1 cache. The first proposed algorithm cannot achieve better performance if there is more space in L1 cache.
To make the proposed matching algorithm applicable to a variety of network processors, we aim to design a configurable matching algorithm. According to the size of the lookup table that can be stored in the L1 cache, the proposed algorithm can be configured to provide different performance. Obviously, the larger the lookup table, the better the matching performance. The performance of the proposed algorithms will be evaluated by both analytical and simulation results.
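The idea of a small, size-configurable lookup table in front of the full pattern set can be illustrated with a generic prefix-bitmap prefilter. This is an added example, not the project's algorithm: the patterns, the sample payload, the two-byte hash and all function names are constructed for illustration, and the `slow_path` counter stands in for external memory accesses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BITS 16  /* largest table: 2^16 bits = 8 KiB */
static const char *PATTERNS[] = { "BADSIG", "XMARKER", "EVIL1" }; /* constructed */
#define NPAT (sizeof PATTERNS / sizeof PATTERNS[0])
/* Constructed sample payload containing each pattern exactly once. */
static const char SAMPLE[] = "GET /index.html?q=BADSIG&x=1 HTTP/1.1 XMARKER padding EVIL1";

typedef struct {
    uint8_t  bits[(1u << MAX_BITS) / 8]; /* the "L1-resident" bitmap */
    uint32_t mask;                       /* table holds mask+1 bits */
    unsigned slow_path;                  /* full pattern-set lookups performed */
} filter_t;

/* Hash a two-byte window, then keep only as many low bits as the table has. */
static uint32_t slot(const filter_t *f, uint8_t a, uint8_t b) {
    return (((((uint32_t)a << 8) | b) * 2654435761u) >> 16) & f->mask;
}

/* Mark the two-byte prefix of every pattern in a table of 2^log2_bits bits. */
void filter_build(filter_t *f, unsigned log2_bits) {
    memset(f, 0, sizeof *f);
    f->mask = (1u << log2_bits) - 1;
    for (size_t i = 0; i < NPAT; i++) {
        uint32_t s = slot(f, (uint8_t)PATTERNS[i][0], (uint8_t)PATTERNS[i][1]);
        f->bits[s >> 3] |= (uint8_t)(1u << (s & 7));
    }
}

/* Scan a payload; only windows that pass the bitmap reach the full compare. */
unsigned scan(filter_t *f, const char *buf, size_t len) {
    unsigned hits = 0;
    f->slow_path = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        uint32_t s = slot(f, (uint8_t)buf[i], (uint8_t)buf[i + 1]);
        if (!(f->bits[s >> 3] & (1u << (s & 7)))) continue; /* fast reject */
        f->slow_path++;               /* models one external-memory lookup */
        for (size_t p = 0; p < NPAT; p++) {
            size_t n = strlen(PATTERNS[p]);
            if (i + n <= len && memcmp(buf + i, PATTERNS[p], n) == 0) hits++;
        }
    }
    return hits;
}

int main(void) {
    static filter_t f;
    for (unsigned k = 4; k <= MAX_BITS; k += 4) {  /* 16 bits up to 64 Kbit */
        filter_build(&f, k);
        unsigned hits = scan(&f, SAMPLE, sizeof SAMPLE - 1);
        printf("%5u-bit table: %u matches, %u slow lookups\n", 1u << k, hits, f.slow_path);
    }
}
```

Because every table size masks the same hash, a larger table never sends more windows to the slow path than a smaller one, while the set of reported matches stays identical.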
Project IDs
Project ID:PB10007-7245
External Project ID:NSC100-2221-E182-050
Status | Finished |
---|---|
Effective start/end date | 01/08/11 → 31/07/12 |