An intrusion detection sensor for the NetVM virtual processor

In the broad landscape of packet processing architectures, the development of ever more sophisticated applications faces the challenge of balancing competing requirements: steadily increasing performance, flexibility, and portability of the software across different platforms and hardware architectures. The Network Virtual Machine (NetVM) aims to meet this challenge by taking all of these elements into account and by providing an abstract architecture for developing today's packet processing applications. To demonstrate that the NetVM platform can be profitably employed for the development of complex applications, we developed a Snort-like network intrusion detection sensor. In this paper we present its architecture and show that NetVM is an excellent target for the dynamic generation of packet processing programs.
