네트워크 프로세서 기반 고성능 네트워크 침입 탐지 엔진에 관한 연구An Implementation of Network Intrusion Detection Engines on Network Processors
초고속 인터넷 망이 빠른 속도로 구축이 되고, 네트워크에 대한 해커나 침입자들의 수가 급증함에 따라, 실시간 고속 패킷 처리가 가능한 네트워크 침입 탐지 시스템이 요구되고 있다. 본 논문에서는 일반적으로 소프트웨어 방식으로 구현된 침입 탐지 시스템을 고속의 패킷 처리에 뛰어난 성능을 가지고 있는 네트워크 프로세서를 이용하여 재설계 및 구현하였다. 제한된 자원과 기능을 가지는 다중 처리 프로세서(Multi-processing Processor)로 구성된 네트워크 프로세서에서 고성능 침입 탐지 시스템을 실현하기 위하여, 최적화된 자료구조와 알고리즘을 설계하였다. 그리고 더욱 효율적으로 침입 탐지 엔진을 스케줄링(scheduling)하기 위한 침입 탐지 엔진 할당 기법을 제안하였으며, 구현과 성능 분석을 통하여 제안된 기법의 적절성을 검증하였다.
Recently with the explosive growth of Internet applications, the attacks of hackers on network are increasing rapidly and becoming more seriously. Thus information security is emerging as a critical factor in designing a network system and much attention is paid to Network Intrusion Detection System (NIDS), which detects hackers’ attacks on network and handles them properly. However, the performance of current intrusion detection system cannot catch the increasing rate of the Internet speed because most of the NIDSs are implemented by software. In this paper, we propose a new high performance network intrusion using Network Processor. To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added, a new high performance network intrusion detection system using Intel’s network processor, IXP1200, is proposed. Unlike traditional intrusion detection engines, which have been implemented by either software or hardware so far, we design an optimized architecture and algorithms, exploiting the features of network processor. In addition, for more efficient detection engine scheduling, we proposed task allocation methods on multi-processing processors. Through implementation and performance evaluation, we show the proprieties of the proposed approach.
Recently with the explosive growth of Internet applications, the attacks of hackers on network are increasing rapidly and becoming more seriously. Thus information security is emerging as a critical factor in designing a network system and much attention is paid to Network Intrusion Detection System (NIDS), which detects hackers’ attacks on network and handles them properly. However, the performance of current intrusion detection system cannot catch the increasing rate of the Internet speed because most of the NIDSs are implemented by software. In this paper, we propose a new high performance network intrusion using Network Processor. To achieve fast packet processing and dynamic adaptation of intrusion patterns that are continuously added, a new high performance network intrusion detection system using Intel’s network processor, IXP1200, is proposed. Unlike traditional intrusion detection engines, which have been implemented by either software or hardware so far, we design an optimized architecture and algorithms, exploiting the features of network processor. In addition, for more efficient detection engine scheduling, we proposed task allocation methods on multi-processing processors. Through implementation and performance evaluation, we show the proprieties of the proposed approach.
- Publisher
- 한국정보과학회
- Issue Date
- 2006-04
- Keywords
침입 탐지 시스템; 네트워크 프로세서; Snort; IXP1200
- Citation
정보과학회논문지 : 정보통신, Vol.33, No.2, pp.113-130
- ISSN
- 1229-7720
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
- 07. 네트워크 프로세서 기반 고성능 네트워크 침입 탐지 엔진에 관한 연구.pdf(894.12 kB)Download
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.