KR20020024507A - Parallel processing system for decision on intrusion - Google Patents

Info

Publication number
KR20020024507A
Authority
KR
South Korea
Prior art keywords
intrusion
input
processing system
parallel processing
patterns
Prior art date
Application number
KR1020000056316A
Other languages
Korean (ko)
Inventor
이도헌
Original Assignee
김병기
(주)넥스팝
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 김병기, (주)넥스팝
Priority to KR1020000056316A
Publication of KR20020024507A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Virology (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Hardware Redundancy (AREA)

Abstract

PURPOSE: A parallel processing system is provided to detect intrusion effectively and at high speed by storing patterns of intrusion cases in a memory, receiving a network packet through an interface with a computer system, and comparing the input network packet with the stored intrusion case patterns using a hardware parallel processor.

CONSTITUTION: A parallel processing system for intrusion judgement is composed of an intrusion detection engine (11), an intrusion pattern memory (12), and an input/output interface (13). The intrusion detection engine (11) is a parallel processor that compares a single input network packet with a plurality of intrusion case patterns in parallel. The intrusion pattern memory (12) stores intrusion case patterns collected from existing intrusion cases. The input/output interface (13) provides a path for transmitting and receiving data to and from a computer.

Description

Parallel processing system for decision on intrusion

The invention relates to board-type hardware that can be installed in a network gateway server: a system that uses parallel processing to perform high-speed intrusion detection on packets entering an internal network.

Detection of intrusions that arrive from outside over a communication network is currently performed in software, on network gateways or on individual computers. This approach places an excessive load on the system and degrades its overall performance. In addition, as intrusion cases diversify and the number of intrusion patterns grows, it becomes difficult to respond efficiently.

To resolve the problems of conventional, inefficient intrusion detection described above, the object of the present invention is to perform fast and effective intrusion detection by:

storing the patterns of intrusion cases in a separate store (memory);

receiving network packets through an interface with a computer system; and

comparing the incoming network packets with the stored intrusion case patterns at high speed using a hardware parallel processor.

FIG. 1 shows the components and configuration to which the present invention is applied.

◎ Explanation of reference numerals for the main parts of the drawing

11: intrusion detection engine
12: intrusion pattern store
13: interface

To achieve the above object, the present invention is a hardware parallel processing system composed of an intrusion detection engine (11), an intrusion pattern store (12) and an input/output interface (13), characterized in that it:

has a built-in memory that stores patterns of intrusion cases;

provides an input/output interface with a computer and receives, through this interface, the packets entering the network; and

comprises a parallel processor that compares the input network packets with the stored intrusion case patterns.

The specific configuration and a preferred embodiment of the present invention are described below with reference to the accompanying drawing.

FIG. 1 is a schematic configuration diagram of a system to which the present invention is applied; it consists of an intrusion detection engine (11), an intrusion pattern store (12) and an input/output interface (13).

The intrusion detection engine (11) is a parallel processor, the part that compares incoming network packets with the intrusion case patterns. It checks a single incoming network packet for a match against multiple intrusion case patterns in parallel.

The intrusion pattern store (12) is a built-in memory that holds intrusion case patterns collected from existing intrusion cases; it is used for the match comparison against incoming network packets.

The input/output interface (13) provides a path for exchanging data (network packets and match comparison results) with the computer in which the hardware of the present invention is installed. The interface specification depends on the computer system in which the hardware is installed.

A packet arriving over the communication network is first stored in a specific buffer memory through the interface (13) of the system. The intrusion detection engine (11) then compares the stored input packet for a match against the existing intrusion cases held in the intrusion pattern store (12). Depending on the result of the match comparison, normal network packets are passed on to the internal network or into the individual computer. Packets suspected of being an intrusion are saved in a separate storage area, and an alert is raised so that the network administrator or the computer's user can make a separate determination and take action.
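The packet flow described above, sketched in software as an added example that is not part of the patent: one buffered packet is compared against every stored pattern concurrently, then forwarded or quarantined with an alert. The pattern names, the sample packets and the use of substring matching are assumptions, since the patent does not define the pattern format or the match rule.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed sample patterns standing in for the intrusion pattern store (12).
PATTERN_STORE = {
    "dir-traversal": b"../../",
    "cmd-exe-probe": b"cmd.exe",
    "nop-run": b"\x90" * 8,
}

def match_packet(packet: bytes, store=PATTERN_STORE, workers=4):
    """Engine (11): compare ONE packet against ALL stored patterns concurrently.

    Each pattern is its own comparator task; there is no early exit, so the
    result names every pattern that matched. Substring match is an assumption.
    """
    names = list(store)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = pool.map(lambda name: store[name] in packet, names)
        return sorted(n for n, hit in zip(names, hits) if hit)

class Gateway:
    """Interface (13) plus the forward / quarantine / alert decision."""

    def __init__(self):
        self.forwarded = []   # normal packets passed to the internal network
        self.quarantine = []  # suspect packets kept in separate storage
        self.alerts = []      # messages for the administrator or user

    def receive(self, packet: bytes) -> str:
        buffered = bytes(packet)  # buffer the packet before inspection
        matched = match_packet(buffered)
        if matched:
            self.quarantine.append(buffered)
            self.alerts.append(
                f"suspect packet ({len(buffered)} bytes): {', '.join(matched)}")
            return "quarantined"
        self.forwarded.append(buffered)
        return "forwarded"

def demo():
    # Constructed sample traffic: one ordinary request, one matching two patterns.
    packets = [
        b"GET /index.html HTTP/1.0\r\n\r\n",
        b"GET /scripts/../../winnt/system32/cmd.exe HTTP/1.0\r\n\r\n",
    ]
    gw = Gateway()
    return [gw.receive(p) for p in packets], gw
```

Because every comparator runs to completion, the alert lists all matching patterns rather than only the first, which gives the administrator the full basis for the separate determination the description calls for.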

As described above, the present invention performs the detection on network packets, which is currently done in software, using high-speed parallel processing hardware. This enables fast and accurate decisions on input packets and thereby maximizes the efficiency and effectiveness of network and computer information protection.

Claims (1)

A hardware parallel processing system composed of an intrusion detection engine (11), an intrusion pattern store (12) and an input/output interface (13), characterized in that the system has a built-in memory that stores patterns of intrusion cases; provides an input/output interface with a computer and receives, through this interface, the packets entering the network; and comprises a parallel processor that compares the input network packets with the stored intrusion case patterns.
KR1020000056316A 2000-09-25 2000-09-25 Parallel processing system for decision on intrusion KR20020024507A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020000056316A KR20020024507A (en) 2000-09-25 2000-09-25 Parallel processing system for decision on intrusion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020000056316A KR20020024507A (en) 2000-09-25 2000-09-25 Parallel processing system for decision on intrusion

Publications (1)

Publication Number Publication Date
KR20020024507A true KR20020024507A (en) 2002-03-30

Family

ID=19690381

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020000056316A KR20020024507A (en) 2000-09-25 2000-09-25 Parallel processing system for decision on intrusion

Country Status (1)

Country Link
KR (1) KR20020024507A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2406485A (en) * 2003-09-11 2005-03-30 Detica Ltd Hardware detection of predermined bit patterns in data packets
KR100519058B1 (en) * 2003-09-02 2005-10-06 김명주 Anti-virus system for parallel processing system
KR100901701B1 (en) * 2006-12-01 2009-06-08 한국전자통신연구원 Intrusion pattern process system and method
KR101252812B1 (en) * 2006-04-25 2013-04-12 주식회사 엘지씨엔에스 Network security device and method for controlling of packet data using the same

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100519058B1 (en) * 2003-09-02 2005-10-06 김명주 Anti-virus system for parallel processing system
GB2406485A (en) * 2003-09-11 2005-03-30 Detica Ltd Hardware detection of predermined bit patterns in data packets
GB2406485B (en) * 2003-09-11 2006-09-13 Detica Ltd Real-time network monitoring and security
KR101252812B1 (en) * 2006-04-25 2013-04-12 주식회사 엘지씨엔에스 Network security device and method for controlling of packet data using the same
KR100901701B1 (en) * 2006-12-01 2009-06-08 한국전자통신연구원 Intrusion pattern process system and method

Similar Documents

Publication Publication Date Title
US9514246B2 (en) Anchored patterns
US7672941B2 (en) Pattern matching using deterministic finite automata and organization of such automata
KR101868720B1 (en) Compiler for regular expressions
Liu et al. A fast string-matching algorithm for network processor-based intrusion detection system
US7134143B2 (en) Method and apparatus for data packet pattern matching
US20150356321A1 (en) Programmable intelligent search memory enabled secure dram
US20110016154A1 (en) Profile-based and dictionary based graph caching
KR20090006838A (en) Malicious attack detection system and an associated method of use
KR100960120B1 (en) Signature String Storing Memory Structure and the Storing Method for the Same, Signature String Pattern Matching Method
CN113114694B (en) DDoS attack detection method oriented to high-speed network packet sampling data acquisition scene
Steadman et al. Dnsxd: Detecting data exfiltration over dns
Afek et al. Making DPI engines resilient to algorithmic complexity attacks
Madhusudan et al. Design of a system for real-time worm detection
KR20020024507A (en) Parallel processing system for decision on intrusion
CN115017502A (en) Flow processing method and protection system
Fide et al. A survey of string matching approaches in hardware
KR20060067077A (en) Apparatus for recognizing abnormal and destructive traffic in network and method thereof
Sabhanatarajan et al. A resource efficient content inspection system for next generation Smart NICs
US7917649B2 (en) Technique for monitoring source addresses through statistical clustering of packets
Yoshioka et al. Rule hashing for efficient packet classification in network intrusion detection
Nourani et al. Bloom filter accelerator for string matching
KR102285661B1 (en) Appatus and method of load balancing in intrusion dectection system
Fukač et al. Increasing memory efficiency of hash-based pattern matching for high-speed networks
Kim et al. Multihash based pattern matching mechanism for high-performance intrusion detection
Kang et al. Design and implementation of a multi-gigabit intrusion and virus/worm detection system

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination