 TCP/IP Reassembly in Network Intrusion Detection and Prevention SystemsXiaojun Wang and
Brendan Cronin
International Journal of Information Security and Privacy (IJISP), 2014, vol. 8, issue 3, 63-76 Abstract: Deep Packet Inspection (DPI) in Network Intrusion Detection and Prevention Systems (NIDPS) typically involves the matching of packet payloads against attack signatures in the form of fixed strings and regular expressions. As an attack pattern may span multiple IP fragments or TCP segments, accurate DPI requires that the traffic is reassembled prior to analysis of the payload data stream. Although hardware acceleration of the TCP layer, including reassembly, is well known in the form of TCP Offload Engines for Network Interface Cards, only limited research has been conducted into reassembly architectures suited to the particular requirements of DPI systems. The challenging requirements include the tracking and fragment/segment reordering of a potentially very large number of streams in addition to dealing with subtle ambiguities in IP fragmentation and TCP segmentation using target based reassembly or traffic normalization. In this article, the authors present a combined hardware and software architecture which harnesses the resources of the latest FPGA technology to improve on existing research proposals. Date: 2014 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:igg:jisp00:v:8:y:2014:i:3:p:63-76 Access Statistics for this article International Journal of Information Security and Privacy (IJISP) is currently edited by Yassine Maleh More articles in International Journal of Information Security and Privacy (IJISP) from IGI Global |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.