Abstract
With the growth and development of computer networks and the widespread use of modern services on information platforms, network administrators and users now attach more importance to communication and information security than ever before. Reports from various computer incident response groups show a wide growth in computer attacks in recent years. Network Intrusion Detection Systems (NIDS), one type of Intrusion Detection System (IDS), have therefore become practical systems for establishing security levels and detecting illegal activity in the network. This research presents an IDS written in the C programming language that uses 15597 Snort rules and MIT Lincoln Lab network traffic. Running this security application on the V850, OR1K, MIPS32, ARM7TDMI and PowerPC32 microprocessors allows their performance to be evaluated. To increase performance, the GNU Compiler Collection (GCC) optimization levels are used, and finally, based on the O2 optimization level, a new combination of optimization flags is presented that increases the performance of the ARM7TDMI microprocessor.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nezakatolhoseini, M., Jabbehdari, S., Pourmina, M.A. (2012). Analysis and Performance Evaluation of Application Specific Processors for Network-Based Intrusion Detection Systems. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31513-8_7
DOI: https://doi.org/10.1007/978-3-642-31513-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31512-1
Online ISBN: 978-3-642-31513-8
eBook Packages: Engineering, Engineering (R0)