A Parallel Architecture for Stateful, High-Speed Intrusion Detection [chapter]

Luca Foschini, Ashish V. Thapliyal, Lorenzo Cavallaro, Christopher Kruegel, Giovanni Vigna
2008 Lecture Notes in Computer Science  
The increase in bandwidth over processing power has made stateful intrusion detection for high-speed networks more difficult, and, in certain cases, impossible. The problem of real-time stateful intrusion detection in high-speed networks cannot easily be solved by optimizing the packet matching algorithm utilized by a centralized process or by using custom-developed hardware. Instead, there is a need for a parallel approach that is able to decompose the problem into subproblems of manageable
... e. We present a novel parallel matching algorithm for the signature-based detection of network attacks. The algorithm is able to perform stateful signature matching and has been implemented only using off-the-shelf components. Our initial experiments confirm that, by making the rule matching process parallel, it is possible to achieve a scalable implementation of a stateful, network-based intrusion detection system.
doi:10.1007/978-3-540-89862-7_18 fatcat:r6ysodmtvrcbhesalvlbfehjky