Network intrusion prevention systems provide proactive defense against security threats by detecting and blocking attack-related traffic. This task can be highly complex, and therefore software-based network intrusion prevention systems have difficulty handling high-speed links. This paper describes the design and implementation of a high-performance network intrusion prevention system that combines software-based network intrusion prevention sensors with a network processor board. The network processor acts as a customized load-balancing splitter that cooperates with a set of modified content-based network intrusion detection sensors in processing network traffic. We show that the components of such a system, if co-designed, can achieve high performance while minimizing redundant processing and communication. We have implemented the system using low-cost, off-the-shelf technology: an IXP1200 network processor evaluation board and commodity PCs. Our evaluation shows that our enhancements can reduce the processing load of the sensors by at least 45%, resulting in a system that can handle a fully-loaded Gigabit Ethernet link using at most four commodity PCs. Copyright © 2005 by International Federation for Information Processing.
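As an added illustration of the splitter role described above (this is not the paper's IXP1200 code, and the sensor count, addresses and symmetric-hash policy are assumptions of the example), the core of a flow-affine load-balancing splitter: both directions of a connection hash to the same sensor, so each content-based sensor can reassemble the stream it inspects without sharing state with the others.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Header fields the splitter needs; the payload is irrelevant for dispatch."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int  # 6 = TCP, 17 = UDP

def flow_key(pkt: Packet) -> tuple:
    # Canonical endpoint order: client->server and server->client packets of
    # one connection yield the same key, so one sensor sees the whole stream.
    a = (pkt.src_ip, pkt.src_port)
    b = (pkt.dst_ip, pkt.dst_port)
    lo, hi = (a, b) if a <= b else (b, a)
    return (pkt.proto, lo, hi)

def choose_sensor(pkt: Packet, n_sensors: int) -> int:
    # Stable hash of the flow key; hashlib is deterministic across processes,
    # unlike Python's built-in hash(), which is salted per interpreter.
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_sensors

def distribution(packets, n_sensors: int) -> dict:
    # Count how many packets each sensor would receive from this traffic.
    counts = Counter(choose_sensor(p, n_sensors) for p in packets)
    return {s: counts.get(s, 0) for s in range(n_sensors)}

def sample_traffic(n_flows: int = 200) -> list:
    # Constructed sample (assumed addresses): n_flows HTTP connections from
    # distinct client ports, each with a request packet and the server's reply.
    pkts = []
    for i in range(n_flows):
        client_port = 40000 + i
        pkts.append(Packet("10.0.0.1", "192.0.2.10", client_port, 80, 6))
        pkts.append(Packet("192.0.2.10", "10.0.0.1", 80, client_port, 6))
    return pkts

if __name__ == "__main__":
    # Four sensors, matching the "at most four commodity PCs" configuration.
    print(distribution(sample_traffic(), 4))
```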
Xinidis, K., Anagnostakis, K. G., & Markatos, E. P. (2005). Design and implementation of a high-performance network intrusion prevention system. In IFIP Advances in Information and Communication Technology (Vol. 181, pp. 359–374). https://doi.org/10.1007/0-387-25660-1_24