
Proceedings Paper

Generation of high-performance protocol-aware analyzers with applications in intrusion detection systems
Author(s): Jordi Ros-Giralt; Peter Szilagyi; James Ezick; David Wohlford; Richard Lethin

Paper Abstract

Traditional Intrusion Detection and Prevention (IDP) systems scan packets quickly by applying simple byte-wise pattern signatures to network flows. Such a protocol-agnostic approach can be compromised with polymorphic attacks: slight modifications of exploits that bypass pattern signatures but still reach corresponding vulnerabilities. To protect against these attacks, a solution is to provision the IDP system with protocol awareness, at the risk of degrading performance. To balance vulnerability coverage against network performance, we introduce a hardware-aware, compiler-based platform that leverages hardware engines to accelerate the core functions of protocol parsing and protocol-aware signature evaluation.

Paper Details

Date Published: 28 April 2010
PDF: 12 pages
Proc. SPIE 7709, Cyber Security, Situation Management, and Impact Assessment II; and Visual Analytics for Homeland Defense and Security II, 770909 (28 April 2010); doi: 10.1117/12.848702
Author Affiliations:
Jordi Ros-Giralt, Reservoir Labs, Inc. (United States)
Peter Szilagyi, Reservoir Labs, Inc. (United States)
James Ezick, Reservoir Labs, Inc. (United States)
David Wohlford, Reservoir Labs, Inc. (United States)
Richard Lethin, Reservoir Labs, Inc. (United States)


Published in SPIE Proceedings Vol. 7709:
Cyber Security, Situation Management, and Impact Assessment II; and Visual Analytics for Homeland Defense and Security II
William J. Tolone; William Ribarsky; John F. Buford; Gabriel Jakobson; John Erickson, Editor(s)
