Open AccessTowards Software-Based Signature Detection for Intrusion Prevention on the Network Card
Author(s) -
Herbert Bos,
Kaiming Huang
Publication year - 2006
Publication title -
lecture notes in computer science
Language(s) - English
Resource type - Book series
SCImago Journal Rank - 0.249
H-Index - 400
eISSN - 1611-3349
pISSN - 0302-9743
DOI - 10.1007/11663812_6
Subject(s) - computer science , intrusion detection system , payload (computing) , ethernet , host (biology) , network packet , host based intrusion detection system , software , signature (topology) , network processor , computer network , operating system , embedded system , real time computing , network interface controller , computer hardware , computer security , intrusion prevention system , ecology , geometry , mathematics , biology
CardGuard is a signature detection system for intrusion detection and prevention that scans the entire payload of packets for suspicious patterns and is implemented in software on a network card equiped with an Intel IXP1200 network processor. One card can be used to protect either a single host, or a small group of machines connected to a switch. CardGuard is non-intrusive in the sense that no cycles of the host CPUs are used for intrusion detection and the system operates at Fast Ethernet link rate. TCP flows are first reconstructed before they are scanned with the Aho-Corasick algorithm.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom