Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

A MULTI-GIGABIT NETWORK PACKET INSPECTION AND ANALYSIS ARCHITECTURE FOR INTRUSION DETECTION AND PREVENTION UTILIZING PIPELINING AND CONTENT-ADDRESSABLE MEMORY

Repanshek, Jacob J. (2005) A MULTI-GIGABIT NETWORK PACKET INSPECTION AND ANALYSIS ARCHITECTURE FOR INTRUSION DETECTION AND PREVENTION UTILIZING PIPELINING AND CONTENT-ADDRESSABLE MEMORY. Master's Thesis, University of Pittsburgh. (Unpublished)

[img]
Preview
PDF
Primary Text

Download (3MB) | Preview

Abstract

Increases in network traffic volume and transmission speeds have given rise to the need for extremely fast packet processing. Many traditional processor-based network devices are no longer sufficient to handle tasks such as packet analysis and intrusion detection at multi-Gigabit rates. This thesis proposes two novel pipelined hardware architectures to relieve the computational load of a processor within network switches and routers. First, the Embedded Protocol Analyzer Pre-Processor (ePAPP) is capable of taking an unclassified packet byte stream directly off of a network cable at line speed and separating the data into individually classified protocol fields. Second, the CAM-Assisted Signature-Matching Architecture (CASMA) uses ternary content-addressable memory to perform the task of stateless intrusion detection signature-matching. The Snort open-source software network intrusion detection system is used as a model for intrusion detection functionality. Structured ASIC synthesis results show that ePAPP supports speeds of 2.89 Gb/s using less than 1% of available logic cells. CASMA is shown to support 1.25 Gb/s using less than 6% of available logic cells. The CASMA architecture is demonstrated to be able to implement 1729 of 1993 or 86.8% of the attack signatures, or rules, packaged with Snort version 2.1.2.


Share

Citation/Export:
Social Networking:
Share |

Details

Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators/Authors:
CreatorsEmailPitt UsernameORCID
Repanshek, Jacob J.jjrst46@alumni.pitt.eduJJR97
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairHoare, Raymond Rhoare@pitt.eduHOARE
Committee MemberJones, Alexakjones@ee.pitt.eduAKJONES
Committee MemberCain, James Tcain@ee.pitt.eduJTC
Date: 28 January 2005
Date Type: Completion
Defense Date: 10 September 2004
Approval Date: 28 January 2005
Submission Date: 7 December 2004
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Institution: University of Pittsburgh
Schools and Programs: Swanson School of Engineering > Electrical Engineering
Degree: MSEE - Master of Science in Electrical Engineering
Thesis Type: Master's Thesis
Refereed: Yes
Uncontrolled Keywords: CAM; embedded; IDS
Other ID: http://etd.library.pitt.edu/ETD/available/etd-12072004-073638/, etd-12072004-073638
Date Deposited: 10 Nov 2011 20:08
Last Modified: 19 Dec 2016 14:38
URI: http://d-scholarship.pitt.edu/id/eprint/10118

Metrics

Monthly Views for the past 3 years

Plum Analytics


Actions (login required)

View Item View Item