Sciweavers

HOTI
2005
IEEE

SIFT: Snort Intrusion Filter for TCP

14 years 6 months ago
SIFT: Snort Intrusion Filter for TCP
Intrusion rule processing in reconfigurable hardware enables intrusion detection and prevention services to run at multi Gigabit/second rates. High-level intrusion rules mapped directly into hardware separate malicious content from benign content in network traffic. Hardware parallelism allows intrusion systems to scale to support fast network links, such as OC-192 and 10 Gbps Ethernet. In this paper, a Snort Intrusion Filter for TCP (SIFT) is presented that operates as a preprocessor to prevent benign traffic from being inspected by an intrusion monitor running Snort. Snort is a popular open-source rule-processing intrusion system. SIFT selectively forwards IP packets that contain questionable headers or defined signatures to a PC where complete rule processing is performed. SIFT alleviates the need for most network traffic from being inspected by software. Statistics, like how many packets match rules, are used to optimize rule processing systems. SIFT has been implemented and ...
Michael Attig, John W. Lockwood
Added 24 Jun 2010
Updated 24 Jun 2010
Type Conference
Year 2005
Where HOTI
Authors Michael Attig, John W. Lockwood
Comments (0)