111 Hits in 5.6 sec

Fast Packet Classification Using Condition Factorization [chapter]

Alok Tongaonkar, R. Sekar, Sreenaath Vasudevan
2009 Lecture Notes in Computer Science  
Rule-based packet classification plays a central role in network intrusion detection systems such as Snort.  ...  To enhance performance, these rules are typically compiled into a matching automaton that can quickly identify the subset of rules that are applicable to a given network packet.  ...  Figure 8 shows the matching time taken by Snort, Snort-NG and our technique for classifying these packets as the number of rules change.  ... 
doi:10.1007/978-3-642-01957-9_26 fatcat:tta2rpnngbhlpjberl5g3dbgbq

A Survey on Network Security Monitoring Systems

Ibrahim Ghafir, Vaclav Prenosil, Jakub Svoboda, Mohammad Hammoudeh
2016 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW)  
If a network were to be down even for a small period of time, productivity within a company would decline, and in the case of public service departments the ability to provide essential services would  ...  This paper provides the readers with an overview of concrete software implementations of the current network monitoring approaches. In addition, it presents a comparison between those implementations.  ...  Rule options specify content on which the rule matches and other properties of the rule, its name, classification type, etc.  ... 
doi:10.1109/w-ficloud.2016.30 dblp:conf/ficloud/GhafirPSH16 fatcat:5pknk4msdraj5gtje7kn2omwiu

FPL-3: Towards Language Support for Distributed Packet Processing [chapter]

Mihai-Lucian Cristea, Willem de Bruijn, Herbert Bos
2005 Lecture Notes in Computer Science  
By distributing FPL-3 based tasks across a possibly heterogeneous network of processing nodes, the NET-FFPF network monitoring architecture facilitates very high speed packet processing.  ...  The FPL-3 packet filtering language incorporates explicit support for distributed processing into the language.  ...  Acknowledgements This work was supported by the EU SCAMPI project IST-2001-32404, and the EU LOBSTER project, while Intel donated the network cards.  ... 
doi:10.1007/11422778_60 fatcat:6ombsl5u2rbdhfg2u75avkttjy

Design and implementation of a framework for creating portable and efficient packet-processing applications

Olivier Morandi, Fulvio Risso, Silvio Valenti, Paolo Veglia
2008 Proceedings of the 7th ACM international conference on Embedded software - EMSOFT '08  
hardware functionalities provided by the specific architecture; finally, it demonstrates that the performances of NetVM programs compiled into native code are comparable to those obtained using commercial  ...  It is a common belief that using a virtual machine for portable executions of data-plane packet-processing applications would introduce too many penalties in terms of performance, because of the assumed  ...  ACKNOWLEDGEMENTS The authors wish to thank Marco Bergero and Pierluigi Rolando for the contribution they have given respectively in the development of the NetVM runtime environment and of the optimization  ... 
doi:10.1145/1450058.1450091 dblp:conf/emsoft/MorandiRVV08 fatcat:jleeuytcufafvllqfdkqbu7qfy

Offloading IDS Computation to the GPU

Nigel Jacob, Carla Brodley
2006 Proceedings of the Computer Security Applications Conference  
We propose a solution that off-loads some of the computation performed by the IDS to the Graphics Processing Unit (GPU).  ...  The results show that as the CPU load on the IDS host system increases, PixelSnort's performance is significantly more robust and is able to outperform conventional Snort by up to 40%.  ...  This classification scheme is borne-out by runtime profiling results for Snort.  ... 
doi:10.1109/acsac.2006.35 dblp:conf/acsac/JacobB06 fatcat:7oofv6cfdrfnxp7pov5bzrvz2u

HILTI

Robin Sommer, Matthias Vallentin, Lorenzo De Carli, Vern Paxson
2014 Proceedings of the 2014 Conference on Internet Measurement Conference - IMC '14  
(ii) a compilation strategy for turning programs written for the abstract machine into optimized, natively executable code.  ...  We present HILTI, a platform that bridges this divide by providing to application developers much of the low-level functionality, without tying it to a specific analysis structure.  ...  Acknowledgments This work was supported by the US National Science Foundation under grants CNS-0831535, CNS-0915667, CNS-1228792, and CNS-1228782.  ... 
doi:10.1145/2663716.2663735 dblp:conf/imc/SommerVCP14 fatcat:xhrlkcgnpjhkxom7mltlhf5sce

A high-level architecture for efficient packet trace analysis on GPU co-processors

Alastair Nottingham, Barry Irwin
2013 2013 Information Security for South Africa  
This paper provides a high-level overview of the proposed architecture and its primary components, motivated by the results of prior research in the field.  ...  This paper proposes a high-level architecture to support efficient, massively parallel packet classification, filtering and analysis using commodity Graphics Processing Unit (GPU) hardware.  ...  Gnort used a fast parallel string matching algorithm to process packet payloads and identify threats using the Snort rule set.  ... 
doi:10.1109/issa.2013.6641052 dblp:conf/issa/NottinghamI13 fatcat:vk5tkcyzdfbc5aboaca5mhh2dq

Pattern Recognition without Tradeoffs: Scalable Accuracy with No Impact on Speed

Rick Dove
2009 2009 Cybersecurity Applications & Technology Conference for Homeland Security  
Automated recognition of patterns in data is constrained by tradeoffs among speed, cost, and accuracy.  ...  This paper introduces features of the processor architecture responsible for the decoupling, and shows how current tradeoff structure is altered.  ...  Acknowledgment This work was supported in part by the U.S. Department of Homeland Security award NBCHC070016.  ... 
doi:10.1109/catch.2009.31 fatcat:k4z42t3s2ndixawdcounbzfp3i

Creating portable and efficient packet processing applications

Olivier Morandi, Fulvio Risso, Pierluigi Rolando, Silvio Valenti, Paolo Veglia
2011 Design automation for embedded systems  
In this context, the Network Virtual Machine (NetVM) aims at defining an abstraction layer for the development of portable and efficient data-plane packet processing applications.  ...  Portability and efficiency are achieved altogether by virtualizing the hardware and by capturing in the programming model the peculiar characteristics of the application domain.  ...  ) colleagues who participated in the early days of this project, particularly Mario Baldi, Loris Degioanni and Gianluca Varenni who were part of the group of people who started the NetVM project back in  ... 
doi:10.1007/s10617-011-9072-8 fatcat:2fnuiaefyba25bxovdyi4zf46q

A Collaborative Approach to Situational Awareness for CyberSecurity

Mary Mathews, Paul Halvorsen, Anupam Joshi, Tim Finin
2012 Proceedings of the 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing  
Traditional intrusion detection and prevention systems have well known limitations that decrease their utility against many kinds of attacks.  ...  In this paper, we present a framework that uses this collaborative approach, as well as the details for a network traffic based classifier that shows promise for detecting malicious traffic.  ...  Snort comes preconfigured with 16,000 rules and currently has over 20,000 additional signatures available for download [5].  ... 
doi:10.4108/icst.collaboratecom.2012.250794 dblp:conf/colcom/MathewsHJF12 fatcat:fhago6d6abgrlpeboo7uryz5re

NFP

Chen Sun, Jun Bi, Zhilong Zheng, Heng Yu, Hongxin Hu
2017 Proceedings of the Conference of the ACM Special Interest Group on Data Communication - SIGCOMM '17  
Third, NFP infrastructure performs light-weight packet copying, distributed parallel packet delivery, and load-balanced merging of packet copies to support NF parallelism.  ...  Current acceleration efforts for NFV mainly target on optimizing each component of the sequential service chain.  ...  This work is supported by National Key Research and Development Plan of China (2017YFB0801701), and National Science Foundation of China (No.61472213).  ... 
doi:10.1145/3098822.3098826 dblp:conf/sigcomm/SunBZYH17 fatcat:lfh4nxgcy5dtnd4k4qdxwr6eri

A misuse-based network Intrusion Detection System using Temporal Logic and stream processing

Abdulbasit Ahmed, Alexei Lisitsa, Clare Dixon
2011 2011 5th International Conference on Network and System Security  
Snort does not have a native sniffer and uses LIBPCAP to capture packets from the network interface device.  ...  It builds attack signatures by parsing Snort rules.  ...  The first line of the grammar file specifies the name of the file as stored in the file system. The options section specifies the options set to be used for processing this grammar file.  ... 
doi:10.1109/icnss.2011.6059953 dblp:conf/nss/AhmedLD11 fatcat:lsgkv7acf5aujbe4oa6lgaaoh4

Haetae: Scaling the Performance of Network Intrusion Detection with Many-Core Processors [chapter]

Jaehyun Nam, Muhammad Jamshed, Byungkwon Choi, Dongsu Han, KyoungSoo Park
2015 Lecture Notes in Computer Science  
Our evaluation shows that Haetae achieves up to 79.3 Gbps for synthetic traffic or 48.5 Gbps for real packet traces.  ...  Also, Haetae minimizes redundant memory access by maintaining the packet metadata structure as small as possible.  ...  Acknowledgments We thank anonymous reviewers of RAID 2015 for their insightful comments on our paper.  ... 
doi:10.1007/978-3-319-26362-5_5 fatcat:efehbvvshjaxlchmi5z72usseu

An orchestration approach for unwanted Internet traffic identification

Eduardo Feitosa, Eduardo Souto, Djamel H. Sadok
2012 Computer Networks  
Therefore, this reduces the number of packets received by the second Snort detector.  ...  Snort (Firewall/Gateway) are of the same classification as those from the previous (DNS response for RFC1918).  ... 
doi:10.1016/j.comnet.2012.04.018 fatcat:2aeso6gfq5dmhixzfzpjo7jrwm

ShieldBox

Bohdan Trach, Alfred Krohmer, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, Christof Fetzer
2018 Proceedings of the Symposium on SDN Research - SOSR '18  
For network operators, ShieldBox provides configuration and attestation service for seamless and verifiable deployment of middleboxes.  ...  For middlebox developers, ShieldBox exposes a generic interface based on Click to design and implement a wide-range of NFs using its out-of-the-box elements and C++ extensions.  ...  We thank our shepherd Aurojit Panda for the helpful comments.  ... 
doi:10.1145/3185467.3185469 dblp:conf/sosr/TrachKGABF18 fatcat:5u4k2egzcna6dem3lhp653qgjm