International Journal of Information Technology and Computer Science (IJITCS)
IJITCS Vol. 6, No. 7, 8 Jun. 2014
Cover page and Table of Contents: PDF (size: 304KB)
High Performance Network Security Using NIDS Approach
Full Text (PDF, 304KB), PP.47-55
Views: 0 Downloads: 0
Author(s)
Sutapa Sarkar
1,*
Brindha.M
1
Index Terms
Network Intrusion Detection System, Snort, FPGA
Abstract
Ever increasing demand of good quality communication relies heavily on Network Intrusion Detection System (NIDS). Intrusion detection for network security demands high performance. This paper gives a description of the available approaches for a network intrusion detection system in both software and hardware implementation. This paper gives a description of the structure of Snort rule set which is a very popular software signature and anomaly based Intrusion Detection and prevention system. This paper also discusses the merit of FPGA devices to be used in network intrusion detection system implementation and the approaches used in hardware implementation of NIDS.
Cite This Paper
Sutapa Sarkar, Brindha.M, "High Performance Network Security Using NIDS Approach", International Journal of Information Technology and Computer Science(IJITCS), vol.6, no.7, pp.47-55, 2014. DOI:10.5815/ijitcs.2014.07.07
Reference
[1]Zachary K. Baker, Student Member, IEEE, and Viktor K. Prasanna, Fellow, IEEE. Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs. IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 4, October-December 2006.
[2]Przemyslaw Kazienko & Piotr Dorosz. Intrusion Detection Systems (IDS) Part I - (network intrusions; attack symptoms; IDS tasks; and IDS architecture). www.windowsecurity.com › Articles & Tutorials
[3]Sailesh Kumar, “Survey of Current Network Intrusion Detection Techniques”, available at http://www.cse.wustl.edu/~jain/cse571-07/ftp/ids.pdf.
[4]Srilatha Chebrolu, Ajith Abrahama,,*, Johnson P. Thomas, Feature deduction and ensemble design of intrusion detection systems, Elsevier Ltd. doi:10.1016/j.cose.2004.09.008
[5]Uwe Aickelin, Julie Greensmith, Jamie Twycross . Immune System Approaches to Intrusion Detection - A Review.http://eprints.nottingham.ac.uk/619/1/04icaris_ids_review.pdf
[6]http://www.intechopen.com/download/get/type/pdfs/id/8695
[7]Martin Roesch , “Snort – Lightweight Intrusion Detection for Networks”, © 1999 by The USENIX Association
[8]The Snort Project, Snort User Manual 2.9.5,May 29, 2013, Copyright 1998-2003Martin Roesch, Copyright 2001-2003 Chris Green, Copyright 2003-2013 Sourcefire, Inc.
[9]Chapter 3, Working With Snort Rules, Pearson Education Inc.
[10]Sumanth Donthi Roger L. Haggard . A Survey of Dynamically Reconfigurable FPGA Devices. 0-7803-7697-8/03/2003 IEEE.
[11]S. Sinha, F. Jahanian, J. Patel, “Wind: Workload-aware intrusion detection”,Recent Advances in Intrusion Detection, Springer, pp. 290–310,2006.
[12]Salvatore Pontarelli, Giuseppe Bianchi, Simone Teofili. Traffic-aware Design of a High Speed FPGA Network Intrusion Detection System. Digital Object Indentifier 10.1109/TC.2012.105, IEEE TRANSACTIONS ON COMPUTERS
[13]J. Moscola, J. Lockwood, R.P. Loui, and M. Pachos, “Implementation of a Content-Scanning Module for an Internet Firewall,” Proc. of 11th IEEE Symp. on Field-Programmable Custom Computing Machines, FCCM 2003, pp. 31-38.
[14]C. R. Clark and D. E. Schimmel, “Scalable parallel pattern-matching on high-speed networks,” in Proc. of IEEE Symposium on Field- Programmable Custom Computing Machines, FCCM 2004, pp. 249-257.
[15]R. Sidhu and V.K. Prasanna, “Fast Regular Expression Matching Using FPGAs,” in Proc. of the 9th IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM 2001, pp. 227 - 238.