A Survey on Deep Packet Inspection for Intrusion Detection Systems

Deep packet inspection is widely recognized as a powerful technique used by intrusion detection systems for inspecting, deterring and deflecting malicious attacks over the network. Fundamentally, almost all intrusion detection systems have the ability to search through packets and identify contents that match known attacks. In this paper, we survey deep packet inspection implementation techniques, research challenges and algorithms. Finally, we provide a comparison between the different applied systems.
