Research Article
High-performance Architecture of Network Intrusion Prevention Systems
@ARTICLE{10.4108/sis.1.3.e3, author={Zhao Yueai and Hou Pengcheng and Wang Ling and Han Suqing}, title={High-performance Architecture of Network Intrusion Prevention Systems}, journal={EAI Endorsed Transactions on Scalable Information Systems}, volume={1}, number={3}, publisher={ICST}, journal_a={SIS}, year={2014}, month={5}, keywords={Network Intrusion Prevention, Network Processor, heterogeneous multi-core processing architecture, anomaly detection.}, doi={10.4108/sis.1.3.e3} }- Zhao Yueai
Hou Pengcheng
Wang Ling
Han Suqing
Year: 2014
High-performance Architecture of Network Intrusion Prevention Systems
SIS
ICST
DOI: 10.4108/sis.1.3.e3
Abstract
Software-based Network Intrusion Prevention Systems have difficulty in handling high speed links. Network processor (NP) is an emerging field of programmable processors that are optimized to implement network data. In this paper, a novel Network Intrusion Prevention scheme is designed based on a heterogeneous multi-core processing architecture where its NP devices complement genera purpose multi-core processors to improve the performance of packet processing. We use Netronome’s network processor to process network traffic at the data link (Ethernet), network (IP), and transport/control layers. A set of network-based anomaly Intrusion Detection sensors is used in processing network traffic. Experimental results show our enhancements can reduce the processing load of the Intrusion Detection sensors. The load balancing by the protocol is better then other previous work.
Copyright © 2014 Zhao Yueai1 et al., licensed to ICST. This is an open access article distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.