SIFT: Snort Intrusion Filter for TCP

Stanford, California, USA August 17-August 19

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CONECT.2005.33

13th Symposium on High Performance In ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael Attig Articles by John Lockwood

	ASCII Text	x
	Michael Attig, John Lockwood, "SIFT: Snort Intrusion Filter for TCP," High-Performance Interconnects, Symposium on, pp. 121-127, 13th Symposium on High Performance Interconnects (HOTI'05), 2005.

	BibTex	x
	@article{ 10.1109/CONECT.2005.33, author = {Michael Attig and John Lockwood}, title = {SIFT: Snort Intrusion Filter for TCP}, journal ={High-Performance Interconnects, Symposium on}, volume = {0}, year = {2005}, issn = {1550-4794}, pages = {121-127}, doi = {http://doi.ieeecomputersociety.org/10.1109/CONECT.2005.33}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - High-Performance Interconnects, Symposium on TI - SIFT: Snort Intrusion Filter for TCP SN - 1550-4794 SP121 EP127 A1 - Michael Attig, A1 - John Lockwood, PY - 2005 KW - null VL - 0 JA - High-Performance Interconnects, Symposium on ER -

Michael Attig, Washington University in St. Louis

John Lockwood, Washington University in St. Louis

Intrusion rule processing in reconfigurable hardware enables intrusion detection and prevention services to run at multi Gigabit/second rates. High-level intrusion rules mapped directly into hardware separate malicious content from benign content in network traffic. Hardware parallelism allows intrusion systems to scale to support fast network links, such as OC-192 and 10 Gbps Ethernet.

In this paper, a Snort Intrusion Filter for TCP (SIFT) is presented that operates as a preprocessor to prevent benign traffic from being inspected by an intrusion monitor running Snort. Snort is a popular open-source rule-processing intrusion system. SIFT selectively forwards IP packets that contain questionable headers or defined signatures to a PC where complete rule processing is performed. SIFT alleviates the need for most network traffic from being inspected by software.

Statistics, like how many packets match rules, are used to optimize rule processing systems. SIFT has been implemented and tested in FPGA hardware and used to process Internet traffic from a campus Internet backbone with live data

Citation:

Michael Attig, John Lockwood, "SIFT: Snort Intrusion Filter for TCP," hoti, pp.121-127, 13th Symposium on High Performance Interconnects (HOTI'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.