Title page for ETD etd-12072004-073638
Type of Document Master's Thesis
Author Repanshek, Jacob J.
Author's Email Address jjrst46@alumni.pitt.edu
URN etd-12072004-073638
Title A MULTI-GIGABIT NETWORK PACKET INSPECTION AND ANALYSIS ARCHITECTURE FOR INTRUSION DETECTION AND PREVENTION UTILIZING PIPELINING AND CONTENT-ADDRESSABLE MEMORY
Degree Master of Science in Electrical Engineering
Program Electrical Engineering
School School of Engineering
Advisory Committee
Advisor Name Title
Dr. Raymond R. Hoare Committee Chair
Dr. Alex Jones Committee Member
Dr. James T. Cain Committee Member
Keywords
  • IDS
  • CAM
  • embedded
Date of Defense 2004-09-10
Availability unrestricted
Abstract
Increases in network traffic volume and transmission speeds have given rise to the need for extremely fast packet processing. Many traditional processor-based network devices are no longer sufficient to handle tasks such as packet analysis and intrusion detection at multi-Gigabit rates. This thesis proposes two novel pipelined hardware architectures to relieve the computational load of a processor within network switches and routers. First, the Embedded Protocol Analyzer Pre-Processor (ePAPP) is capable of taking an unclassified packet byte stream directly off of a network cable at line speed and separating the data into individually classified protocol fields. Second, the CAM-Assisted Signature-Matching Architecture (CASMA) uses ternary content-addressable memory to perform the task of stateless intrusion detection signature-matching. The Snort open-source software network intrusion detection system is used as a model for intrusion detection functionality. Structured ASIC synthesis results show that ePAPP supports speeds of 2.89 Gb/s using less than 1% of available logic cells. CASMA is shown to support 1.25 Gb/s using less than 6% of available logic cells. The CASMA architecture is demonstrated to be able to implement 1729 of 1993 or 86.8% of the attack signatures, or rules, packaged with Snort version 2.1.2.
Files
Filename repanshekjj_PittETD2004.pdf
Size 3.05 Mb
Approximate Download Time (Hours:Minutes:Seconds)
  • 28.8 Modem 00:14:07
  • 56K Modem 00:07:16
  • ISDN (64 Kb) 00:06:21
  • ISDN (128 Kb) 00:03:10
  • Higher-speed Access 00:00:16