A MULTI-GIGABIT NETWORK PACKET INSPECTION AND ANALYSIS ARCHITECTURE FOR INTRUSION DETECTION AND PREVENTION UTILIZING PIPELINING AND CONTENT-ADDRESSABLE MEMORY

Repanshek, Jacob J. (2005) A MULTI-GIGABIT NETWORK PACKET INSPECTION AND ANALYSIS ARCHITECTURE FOR INTRUSION DETECTION AND PREVENTION UTILIZING PIPELINING AND CONTENT-ADDRESSABLE MEMORY. Master's Thesis, University of Pittsburgh. (Unpublished)

Preview

PDF Primary Text Download (3MB) | Preview

Abstract

Increases in network traffic volume and transmission speeds have given rise to the need for extremely fast packet processing. Many traditional processor-based network devices are no longer sufficient to handle tasks such as packet analysis and intrusion detection at multi-Gigabit rates. This thesis proposes two novel pipelined hardware architectures to relieve the computational load of a processor within network switches and routers. First, the Embedded Protocol Analyzer Pre-Processor (ePAPP) is capable of taking an unclassified packet byte stream directly off of a network cable at line speed and separating the data into individually classified protocol fields. Second, the CAM-Assisted Signature-Matching Architecture (CASMA) uses ternary content-addressable memory to perform the task of stateless intrusion detection signature-matching. The Snort open-source software network intrusion detection system is used as a model for intrusion detection functionality. Structured ASIC synthesis results show that ePAPP supports speeds of 2.89 Gb/s using less than 1% of available logic cells. CASMA is shown to support 1.25 Gb/s using less than 6% of available logic cells. The CASMA architecture is demonstrated to be able to implement 1729 of 1993 or 86.8% of the attack signatures, or rules, packaged with Snort version 2.1.2.

---

Share

Citation/Export:	Select format... Citation - Text Citation - HTML Endnote BibTex Dublin Core OpenURL MARC (ISO 2709) METS MODS EP3 XML Reference Manager Refer
Social Networking:	Share |

---

Details

Item Type:	University of Pittsburgh ETD
Status:	Unpublished
Creators/Authors:	Creators Email Pitt Username ORCID Repanshek, Jacob J. jjrst46@alumni.pitt.edu JJR97
ETD Committee:	Title Member Email Address Pitt Username ORCID Committee Chair Hoare, Raymond R hoare@pitt.edu HOARE Committee Member Jones, Alex akjones@ee.pitt.edu AKJONES Committee Member Cain, James T cain@ee.pitt.edu JTC
Date:	28 January 2005
Date Type:	Completion
Defense Date:	10 September 2004
Approval Date:	28 January 2005
Submission Date:	7 December 2004
Access Restriction:	No restriction; Release the ETD for access worldwide immediately.
Institution:	University of Pittsburgh
Schools and Programs:	Swanson School of Engineering > Electrical Engineering
Degree:	MSEE - Master of Science in Electrical Engineering
Thesis Type:	Master's Thesis
Refereed:	Yes
Uncontrolled Keywords:	CAM; embedded; IDS
Other ID:	http://etd.library.pitt.edu/ETD/available/etd-12072004-073638/, etd-12072004-073638
Date Deposited:	10 Nov 2011 20:08
Last Modified:	19 Dec 2016 14:38
URI:	http://d-scholarship.pitt.edu/id/eprint/10118

---

Metrics

Monthly Views for the past 3 years

Plum Analytics

---

Actions (login required)

View Item