High Performance Session State Management Scheme for Stateful Packet Inspection

Yoon, Seungyong; Kim, Byoungkoo; Oh, Jintae; Jang, Jongsoo

doi:10.1007/978-3-540-75476-3_73

Seungyong Yoon¹,
Byoungkoo Kim¹,
Jintae Oh¹ &
…
Jongsoo Jang¹

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 4773))

Included in the following conference series:

Asia-Pacific Network Operations and Management Symposium

1066 Accesses
4 Citations

Abstract

This paper relates to a method for performing Stateful Packet Inspection(SPI) in real time using a session table management scheme that allows more efficient generation of session state information. SPI is an important technique to reduce false positive alerts in network intrusion detection system(NIDS). As the number of session increases, this technique requires a higher processing speed, thereby causing performance problems. However, existing software-based solutions cannot perform real-time packet inspection ensuring the wire speed. To guarantee both performance and functionality with respect to statefulness, we designed and implemented SPI-based intrusion detection module in a FPGA to help alleviating a bottleneck in network intrusion detection systems in this paper.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Firewall-1 Product, http://www.checkpoint.com
Spitzner, L.: Understanding the FW-1 State Table, http://www.spitzner.net/fwtable.html
Caswell, B., Beale, J., Foster, J.C., Faircloth, J.: Snort 2.0 Intrusion Detection(Syngress Publishing, February 2003)
Google Scholar
Snort Preprocessor Stream4, http://www.snort.org
Li, X., Ji, Z.-Z., Hu, M.-Z.: Stateful Inspection Firewall Session Table Processing. In: ITCC’05. Proc. Of the International Conference on Information Technology: Coding and Computing, vol. 2, pp. 615–620 (April 2005)
Google Scholar
Sergei, et al.: SNORTRAN: An Optimizing Compiler for Snort Rules, Fidelis Security Systems, Inc. (2002)
Google Scholar
Kim, B., Heo, Y., Oh, J.: High-Performance Intrusion Detection in FPGA-based Reconfiguring Hardware. In: Proceeding of APNOMS (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Electronics and Telecommunications Research Institute, 305-350, 161 Gajeong-dong, Yuseong-gu, Daejeon, Republic of Korea
Seungyong Yoon, Byoungkoo Kim, Jintae Oh & Jongsoo Jang

Authors

Seungyong Yoon
View author publications
You can also search for this author in PubMed Google Scholar
Byoungkoo Kim
View author publications
You can also search for this author in PubMed Google Scholar
Jintae Oh
View author publications
You can also search for this author in PubMed Google Scholar
Jongsoo Jang
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Shingo Ata Choong Seon Hong

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Yoon, S., Kim, B., Oh, J., Jang, J. (2007). High Performance Session State Management Scheme for Stateful Packet Inspection. In: Ata, S., Hong, C.S. (eds) Managing Next Generation Networks and Services. APNOMS 2007. Lecture Notes in Computer Science, vol 4773. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75476-3_73

Download citation

DOI: https://doi.org/10.1007/978-3-540-75476-3_73
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75475-6
Online ISBN: 978-3-540-75476-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics