Snort offloader: A reconfigurable hardware NIDS filter

Haoyu Song; Todd Sproull; Mike Attig; John Lockwood

Snort offloader: A reconfigurable hardware NIDS filter

Haoyu Song
, Todd Sproull
, Mike Attig
, John Lockwood

Department of Computer Science & Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

42 Scopus citations

Abstract

Software-based Network Intrusion Detection Systems (NIDS) often fail to keep up with high-speed network links. In this paper an FPGA-based pre-filter is presented that reduces the amount of traffic sent to a software-based NIDS for inspection. Simulations using real network traces and the Snort rule set show that a pre-filter can reduce up to 90% of network traffic that would have otherwise been processed by Snort software. The projected performance enables a computer to perform real-time intrusion detection of malicious content passing over a 10Gbps network using FPGA hardware that operates with 10 Gbps of throughput and software that needs only to operate with 1 Gbps of throughput.

Original language	English
Title of host publication	Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL
Pages	493-498
Number of pages	6
State	Published - 2005
Event	2005 International Conference on Field Programmable Logic and Applications, FPL - Tampere, Finland Duration: Aug 24 2005 → Aug 26 2005

Publication series

Name	Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL
Volume	2005

Conference

Conference	2005 International Conference on Field Programmable Logic and Applications, FPL
Country/Territory	Finland
City	Tampere
Period	08/24/05 → 08/26/05

Cite this

@inproceedings{b682329ad21e4b35bd24f4810f9a835b,

title = "Snort offloader: A reconfigurable hardware NIDS filter",

abstract = "Software-based Network Intrusion Detection Systems (NIDS) often fail to keep up with high-speed network links. In this paper an FPGA-based pre-filter is presented that reduces the amount of traffic sent to a software-based NIDS for inspection. Simulations using real network traces and the Snort rule set show that a pre-filter can reduce up to 90\% of network traffic that would have otherwise been processed by Snort software. The projected performance enables a computer to perform real-time intrusion detection of malicious content passing over a 10Gbps network using FPGA hardware that operates with 10 Gbps of throughput and software that needs only to operate with 1 Gbps of throughput.",

author = "Haoyu Song and Todd Sproull and Mike Attig and John Lockwood",

year = "2005",

language = "English",

isbn = "0780393627",

series = "Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL",

pages = "493--498",

booktitle = "Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL",

note = "2005 International Conference on Field Programmable Logic and Applications, FPL ; Conference date: 24-08-2005 Through 26-08-2005",

}

Song, H, Sproull, T, Attig, M & Lockwood, J 2005, Snort offloader: A reconfigurable hardware NIDS filter. in Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL., 1515770, Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL, vol. 2005, pp. 493-498, 2005 International Conference on Field Programmable Logic and Applications, FPL, Tampere, Finland, 08/24/05.

Snort offloader: A reconfigurable hardware NIDS filter. / Song, Haoyu; Sproull, Todd; Attig, Mike et al.
Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL. 2005. p. 493-498 1515770 (Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL; Vol. 2005).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Snort offloader

T2 - 2005 International Conference on Field Programmable Logic and Applications, FPL

AU - Song, Haoyu

AU - Sproull, Todd

AU - Attig, Mike

AU - Lockwood, John

PY - 2005

Y1 - 2005

N2 - Software-based Network Intrusion Detection Systems (NIDS) often fail to keep up with high-speed network links. In this paper an FPGA-based pre-filter is presented that reduces the amount of traffic sent to a software-based NIDS for inspection. Simulations using real network traces and the Snort rule set show that a pre-filter can reduce up to 90% of network traffic that would have otherwise been processed by Snort software. The projected performance enables a computer to perform real-time intrusion detection of malicious content passing over a 10Gbps network using FPGA hardware that operates with 10 Gbps of throughput and software that needs only to operate with 1 Gbps of throughput.

AB - Software-based Network Intrusion Detection Systems (NIDS) often fail to keep up with high-speed network links. In this paper an FPGA-based pre-filter is presented that reduces the amount of traffic sent to a software-based NIDS for inspection. Simulations using real network traces and the Snort rule set show that a pre-filter can reduce up to 90% of network traffic that would have otherwise been processed by Snort software. The projected performance enables a computer to perform real-time intrusion detection of malicious content passing over a 10Gbps network using FPGA hardware that operates with 10 Gbps of throughput and software that needs only to operate with 1 Gbps of throughput.

UR - https://www.scopus.com/pages/publications/33746890192

M3 - Conference contribution

AN - SCOPUS:33746890192

SN - 0780393627

SN - 9780780393622

T3 - Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL

SP - 493

EP - 498

BT - Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL

Y2 - 24 August 2005 through 26 August 2005

ER -

Snort offloader: A reconfigurable hardware NIDS filter

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this