Abstract
This paper describes a method for performing Stateful Packet Inspection (SPI) in real time using a session table management scheme that allows more efficient generation of session state information. SPI is an important technique for reducing false positive alerts in network intrusion detection systems (NIDS). As the number of sessions increases, this technique requires a higher processing speed, which causes performance problems. Existing software-based solutions cannot perform real-time packet inspection at wire speed. To guarantee both performance and functionality with respect to statefulness, we designed and implemented an SPI-based intrusion detection module in an FPGA to help alleviate a bottleneck in network intrusion detection systems.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yoon, S., Kim, B., Oh, J., Jang, J. (2007). High Performance Session State Management Scheme for Stateful Packet Inspection. In: Ata, S., Hong, C.S. (eds) Managing Next Generation Networks and Services. APNOMS 2007. Lecture Notes in Computer Science, vol 4773. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75476-3_73
DOI: https://doi.org/10.1007/978-3-540-75476-3_73
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75475-6
Online ISBN: 978-3-540-75476-3
eBook Packages: Computer Science, Computer Science (R0)