Sciweavers

FPGA
2007
ACM

The shunt: an FPGA-based accelerator for network intrusion prevention

Today’s network intrusion prevention systems (IPSs) must perform increasingly sophisticated analysis—parsing protocols and interpreting application dialogs rather than simply searching for signature strings—for which the necessary algorithms defy full implementation in hardware, being much more readily implemented using general-purpose CPUs. Yet the performance of such CPUs increasingly lags behind that necessary to process today’s high-rate traffic streams. We observe that in many environments much of the traffic comprising a high-volume stream can, after some initial analysis, be qualified as “likely uninteresting.” Thus, we would like a means by which we can couple a general-purpose CPU with a specialized hardware element such that only the hardware element processes the bulk of the bytes in a network stream, while the CPU can still inspect those elements of network flows deemed germane for security analysis. To this end, we have developed an in-line, FPGA-based IPS...
Nicholas Weaver, Vern Paxson, José M. González
Added: 07 Jun 2010
Updated: 07 Jun 2010
Type: Conference
Year: 2007
Where: FPGA
Authors: Nicholas Weaver, Vern Paxson, José M. González