{"title":"Increasing Throughput of Intrusion Detection Systems by Hash-Based Short String Pre-filter","authors":"Tomás Fukac, V. Kosar, J. Korenek, J. Matoušek","doi":"10.1109/LCN48667.2020.9314812","DOIUrl":null,"url":null,"abstract":"With an increasing speed of network links, it is also necessary to increase the throughput of network security systems. An intrusion detection system (IDS) is one of the key components in the protection of network infrastructure. Unfortunately, the IDS has to match a large set of regular expressions (REs) in network streams, which has a negative impact on its throughput. A fast pre-filtration of network traffic can allow to achieve a higher overall throughput. Therefore, we have designed a new algorithm, which is able to select short strings that represent an RE set utilized in the IDS. Compared to previous methods, strings are selected in less than a second for an RE and can reduce network traffic up to 3.3 times better. As all selected strings have the same length, they can be used in a hash-based pre-filter, which is able to process more 100 Gbps of network traffic.","PeriodicalId":245782,"journal":{"name":"2020 IEEE 45th Conference on Local Computer Networks (LCN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 45th Conference on Local Computer Networks (LCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LCN48667.2020.9314812","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
With an increasing speed of network links, it is also necessary to increase the throughput of network security systems. An intrusion detection system (IDS) is one of the key components in the protection of network infrastructure. Unfortunately, the IDS has to match a large set of regular expressions (REs) in network streams, which has a negative impact on its throughput. A fast pre-filtration of network traffic can allow to achieve a higher overall throughput. Therefore, we have designed a new algorithm, which is able to select short strings that represent an RE set utilized in the IDS. Compared to previous methods, strings are selected in less than a second for an RE and can reduce network traffic up to 3.3 times better. As all selected strings have the same length, they can be used in a hash-based pre-filter, which is able to process more 100 Gbps of network traffic.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
