Runtime rule-reconfigurable high throughput NIPS on FPGA

Most of the intrusion detection and prevention systems (NIDS/NIPS) are utilizing signature based matching which makes use of a stored rule base for distinguishing malicious network traffic. Dynamic rule-base updates has become a requirement due to the increasingly large number of new attack types identified every day, while the downtime associated with rule base updates has become a major drawback in hardware based Network Intrusion Prevention Systems. In addition, the NIPS are facing the challenge of expanding their throughput to cope with the ever growing high bandwidth requirement. This paper presents a novel scalable architecture for a NIPS with stateful packet inspection. The implementation is capable of processing Snort signatures and also analyzing packet streams to detect attacks with TCP segment manipulation. The system ensures run-time rule reconfigurability, which eliminates the risk of downtime due to rule-base updates, providing high throughput with low latency. The architecture is capable of detecting and blocking malicious content passing through a computer network at a line rate of 10 Gbps, working at 200 MHz on a Xilinx VC707 Evaluation board.

Hali tarjima qilinmagan