SIFT: Snort Intrusion Filter for TCP

13 years 10 months ago

Download www.arl.wustl.edu

Intrusion rule processing in reconﬁgurable hardware enables intrusion detection and prevention services to run at multi Gigabit/second rates. High-level intrusion rules mapped directly into hardware separate malicious content from benign content in network trafﬁc. Hardware parallelism allows intrusion systems to scale to support fast network links, such as OC-192 and 10 Gbps Ethernet. In this paper, a Snort Intrusion Filter for TCP (SIFT) is presented that operates as a preprocessor to prevent benign trafﬁc from being inspected by an intrusion monitor running Snort. Snort is a popular open-source rule-processing intrusion system. SIFT selectively forwards IP packets that contain questionable headers or deﬁned signatures to a PC where complete rule processing is performed. SIFT alleviates the need for most network trafﬁc from being inspected by software. Statistics, like how many packets match rules, are used to optimize rule processing systems. SIFT has been implemented and ...

Michael Attig, John W. Lockwood

Real-time Traffic

HOTI 2005 | Intrusion | Intrusion Rules | Intrusion System |

claim paper

Post Info
More Details (n/a)

Added	24 Jun 2010
Updated	24 Jun 2010
Type	Conference
Year	2005
Where	HOTI
Authors	Michael Attig, John W. Lockwood

Comments (0)

Sciweavers

SIFT: Snort Intrusion Filter for TCP

HOTI 2005 | Intrusion | Intrusion Rules | Intrusion System |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers