By Topic

TCP reassembly for signature-based Network Intrusion Detection systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Ngoc Thinh Tran ; Dept. of Comput. Eng., HCMUT, Ho Chi Minh City, Vietnam ; Tomiyama, S. ; Kittitornkun, S. ; Tran Huy Vu

Rapid development of network makes it a very important and vulnerable part of every field of life. Many intrusion detection systems are developed to protect the network using signature-based matching technique. For connection oriented protocols, such as Transmission Control Protocol, the data should be reassembled before being scanned by the matching engine. Several techniques are introduced to reassemble TCP packets on FPGA. However, they have some disadvantages such as inefficient memory, unscalable system, and unsupported complex TCP connections. In this paper, we propose a multi-linked-list approach and a combination of edge buffering scheme for TCP reassembly, which helps detecting cross packets intrusion signatures. Our architecture not only supports TCP connections with up to 4 concurrent holes, but also uses memory more efficiently than others. The experimental results show that our system can hold about 256K connections simultaneously and support up to 46K out-of-sequence connections with only 64MB DRAM.

Published in:

Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2012 9th International Conference on

Date of Conference:

16-18 May 2012