
TCP reassembly for signature-based network intrusion detection systems

Thinh T.N. Dept. of Computer Engineering, Faculty of Computer Science and Engineering, HCMUT, Ho Chi Minh city, Viet Nam | Vu T.H. | Kittitornkun S. Faculty of Engineering, King Mongkut's Institute of Technology, Lardkrabang, Thailand | Tomiyama S. School of Information Telecommunication Engineering, Tokai University, Kanagawa-ken, Japan

2012 9th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology, ECTI-CON 2012 Issue , year 2012 (Volume , pages -)

DOI: 10.1109/ECTICon.2012.6254336

Document indexed in: Scopus

Conference Paper

English

Keywords: Connection oriented; Edge; Intrusion Detection Systems; Intrusion signatures; Linked list; Matching techniques; Reassembly; Segment array; Signature-based network intrusion detection systems; TCP connections; TCP packets; Computer crime; Dynamic random access storage; Field programmable gate arrays (FPGA); Information technology; Memory architecture; Network architecture; Transmission control protocol
English abstract
Rapid development of network makes it a very important and vulnerable part of every field of life. Many intrusion detection systems are developed to protect the network using signature-based matching technique. For connection oriented protocols, such as Transmission Control Protocol, the data should be reassembled before being scanned by the matching engine. Several techniques are introduced to reassemble TCP packets on FPGA. However, they have some disadvantages such as inefficient memory, unscalable system, and unsupported complex TCP connections. In this paper, we propose a multi-linked-list approach and a combination of edge buffering scheme for TCP reassembly, which helps detecting cross packets intrusion signatures. Our architecture not only supports TCP connections with up to 4 concurrent holes, but also uses memory more efficiently than others. The experimental results show that our system can hold about 256K connections simultaneously and support up to 46K out-of-sequence connections with only 64MB DRAM. © 2012 IEEE.
