A CAM-based intrusion detection system for single-packet attack detection
Many telecommunications devices such as network switches contain content addressable memories (CAMs) for uses such as routing tables. CAMs, a class of associative memories, contain considerable logic for various forms of content matching and can be considered a class of reconfigurable logic engines....
Main authors: | Ying Yu ; Hoare, R.R. ; Jones, A.K. |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 8 |
---|---|
container_issue | |
container_start_page | 1 |
container_title | |
container_volume | |
creator | Ying Yu ; Hoare, R.R. ; Jones, A.K. |
description | Many telecommunications devices such as network switches contain content addressable memories (CAMs) for uses such as routing tables. CAMs, a class of associative memories, contain considerable logic for various forms of content matching and can be considered a class of reconfigurable logic engines. This paper demonstrates how a commercial ternary CAM and traditional RAM can be used with minimal additional logic to implement over 90% of the Snort 2.0 intrusion detection system (IDS) at line speeds of or exceeding 1 Gbs. In addition to simple matching techniques, sophisticated matching operations required by Snort can be implemented by using an iterative approach that leverages a post-processing action RAM. Additionally, a novel range encoding algorithm allows range matching required in the CAM for which other encodings either exceed the width provided by a CAM entry, or require an excessive number of CAM entries to be scalable. The system was implemented for verification and performance evaluation in cycle-accurate simulation using SystemC. |
doi_str_mv | 10.1109/IPDPS.2008.4536531 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1530-2075 |
ispartof | 2008 IEEE International Symposium on Parallel and Distributed Processing, 2008, p.1-8 |
issn | 1530-2075 |
language | eng |
recordid | cdi_ieee_primary_4536531 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Associative memory ; CADCAM ; Cams ; Computer aided manufacturing ; Encoding ; Intrusion detection ; Reconfigurable logic ; Routing ; Switches ; Telecommunication switching |
title | A CAM-based intrusion detection system for single-packet attack detection |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T14%3A08%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20CAM-based%20intrusion%20detection%20system%20for%20single-packet%20attack%20detection&rft.btitle=2008%20IEEE%20International%20Symposium%20on%20Parallel%20and%20Distributed%20Processing&rft.au=Ying%20Yu&rft.date=2008-04&rft.spage=1&rft.epage=8&rft.pages=1-8&rft.issn=1530-2075&rft.isbn=1424416930&rft.isbn_list=9781424416936&rft_id=info:doi/10.1109/IPDPS.2008.4536531&rft_dat=%3Cieee_6IE%3E4536531%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=1424416949&rft.eisbn_list=9781424416943&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4536531&rfr_iscdi=true |