|
|
Автор: Govind Sreekar Shenoy
Год: 2014
Издание:
LAP Lambert Academic Publishing
Страниц: 160
ISBN: 9783659612770
System security is a prerequisite for efficient day-to-day transactions. As a consequence, Intrusion Detection Systems (IDS) are commonly used to provide an effective security ring to systems in a network. An IDS operates by inspecting packets flowing in the network for malicious content. To do so, an IDS like Snort[49] compares bytes in a packet with a database of prior reported attacks. This functionality can also be viewed as string matching of the packet bytes with the attack string database. In this thesis we explore hardware and software techniques to accelerate string matching in an IDS. We propose mechanisms/hueristics that can be deployed either in a custom ASIC or a network processor and/or a commodity CPU. Our performance results indicate clear benefits in using our proposed scheme over the state-of-the-art.
|
|
