28 April 2010 Generation of high-performance protocol-aware analyzers with applications in intrusion detection systems
Abstract
Traditional Intrusion Detection and Prevention (IDP) systems scan packets quickly by applying simple byte-wise pattern signatures to network flows. Such a protocol-agnostic approach can be compromised with polymorphic attacks: slight modifications of exploits that bypass pattern signatures but still reach corresponding vulnerabilities. To protect against these attacks, a solution is to provision the IDP system with protocol awareness, at the risk of degrading performance. To balance vulnerability coverage against network performance, we introduce a hardware-aware, compiler-based platform that leverages hardware engines to accelerate the core functions of protocol parsing and protocol-aware signature evaluation.
© (2010) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Jordi Ros-Giralt, Peter Szilagyi, James Ezick, David Wohlford, Richard Lethin, "Generation of high-performance protocol-aware analyzers with applications in intrusion detection systems", Proc. SPIE 7709, Cyber Security, Situation Management, and Impact Assessment II; and Visual Analytics for Homeland Defense and Security II, 770909 (28 April 2010); doi: 10.1117/12.848702; https://doi.org/10.1117/12.848702
PROCEEDINGS
12 PAGES

