High-Speed Stateful Packet Inspection Architecture for Network Intrusion Detection Systems
Date Issued
2008
Date
2008
Author(s)
Yang, Ju-Cheng
Abstract
Stateful Packet Inspection (SPI) is one of the most critical functions of network security devices such as routers and firewalls. SPI uses previous communications to derive the state of the current communication and records the packet state in a session table whose entries typically store source and destination IP addresses, port numbers and other important information. As network wire speeds increase, a high-performance, low-storage SPI architecture is required to defend against malicious TCP traffic. In this thesis, we start with a hashing-based SPI architecture that can filter most attack traffic. We then propose an SPI approach called HSK (Hashing the Session Key) based on this architecture. An FPGA-based implementation can achieve better performance, especially when using a dedicated memory bank for each hashing table and using pipeline technologies. Both theoretical and experimental results show that our SPI-HSK architecture provides a higher processing speed and a lower storage requirement than other existing signature-based SPI solutions, and works well in Gigabit Ethernet networks.
Subjects
Hashing
stateful packet inspection
session table
network security
Type
thesis
File(s)
Name
ntu-97-R95921094-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):6e605da31b49a3b6c554fc90dc9de406
