Your browser does not support JavaScript!

Home    Ιεραρχικές Αρχιτεκτονικές από Επεξεργαστές για Αποτροπή Εισβολέων σε Δίκτυα  

Results - Details

Add to Basket
[Add to Basket]
Identifier uch.csd.msc//2004xinidis
Title Ιεραρχικές Αρχιτεκτονικές από Επεξεργαστές για Αποτροπή Εισβολέων σε Δίκτυα
Alternative Title Network Intrusion Prevention on Multilevel Processing Architectures
Creator Xinidis, Konstantinos
Abstract Network intrusion prevention systems provide an important proactive defense capability against security threats by detecting and blocking network attacks. This task can be highly complex, and software-based network intrusion prevention systems are currently not capable of handling high speed links. This work focuses on the design and implementation of a high-performance, low-cost, flexible, and scalable network intrusion prevention system that combines software-based intrusion detection engines and a network processor board. The network processor acts as a customized load balancer that cooperates with a set of content-based network intrusion detection engines in processing network traffic. We show that the components of such a system, if designed properly, can achieve high performance, by eliminating redundant processing and communication. We describe a system architecture and present a prototype built using low-cost, off-the-shelf technology: an IXP1200 network processor evaluation board and commodity PCs. Our evaluation shows that our enhancements reduce the processing load of the intrusion detection engines by at least 59%. The result is a system that can handle a fully-loaded Gigabit Ethernet link using at most four detection engines.
Issue date 2004-11-01
Date available 2005-02-08
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses
Views 419

Digital Documents
No preview available

Download document
View document
Views : 6