KR20020024507A - Parallel processing system for decision on intrusion - Google Patents
- Publication number
- KR20020024507A
- Authority
- KR
- South Korea
- Prior art keywords
- intrusion
- input
- processing system
- parallel processing
- patterns
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Virology (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Hardware Redundancy (AREA)
Abstract
Description
The invention relates to board-type hardware that can be mounted in a network gateway server and that uses parallel processing to perform high-speed intrusion detection on packets entering an internal communication network.
Detection of intrusions that arrive from outside over a communication network is currently performed in software, at the network gateway or on individual computers. This approach places an excessive load on the system and is a factor that degrades its overall performance. In addition, as intrusion cases diversify and the number of intrusion patterns grows, responding efficiently becomes difficult.
To solve the problems of conventional, inefficient intrusion detection described above, the purpose of the present invention is to
store the patterns of intrusion cases in separate storage (memory);
receive network packets through an interface with the computer system; and
compare incoming network packets with the stored intrusion case patterns at high speed using a hardware parallel processor, thereby performing fast and effective intrusion detection.
FIG. 1 shows the components and configuration to which the present invention is applied.
◎ Explanation of reference numerals for the main parts of the drawing
11: intrusion detection engine 12: intrusion pattern store
13: interface
To achieve the above purpose, the present invention is a hardware parallel processing system consisting of an intrusion detection engine (11), an intrusion pattern store (12) and an input/output interface (13),
which has built-in memory that stores patterns of intrusion cases,
provides an input/output interface to a computer and receives, through this interface, the packets entering from the network, and
is characterized in that it comprises a parallel processor that compares the input network packets with the stored intrusion case patterns.
Hereinafter, the specific configuration and a preferred embodiment of the present invention are described with reference to the accompanying drawing.
FIG. 1 is a schematic configuration diagram of a system to which the present invention is applied; the system consists of an intrusion detection engine (11), an intrusion pattern store (12) and an input/output interface (13).
The intrusion detection engine (11) is a parallel processor that compares incoming network packets with intrusion case patterns; it checks a single incoming network packet for a match against multiple intrusion case patterns in parallel.
The intrusion pattern store (12) is built-in memory that stores intrusion case patterns collected from existing intrusion cases; it is used for match comparison against incoming network packets.
The input/output interface (13) provides a channel for exchanging data (network packets and match comparison results) with the computer in which the hardware of the present invention is installed. The specification of the interface depends on the computer system in which the hardware is installed.
A packet arriving over the communication network is first stored in a specific buffer memory through the interface (13) of the system of the present invention, and the stored input packet is then compared by the intrusion detection engine (11) against the existing intrusion cases held in the intrusion pattern store (12). Depending on the result of the match comparison, a normal network packet is passed on to the internal communication network or into the individual computer. A packet suspected of being an intrusion is stored in separate storage, and an alert is raised so that the network administrator or the computer's user can make a separate determination and take action.
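The data flow described above, as an added software model that is not part of the patent: each stored pattern gets its own comparator, and every comparator is stepped with the same packet byte, which is how a bank of parallel hardware units would see the buffered packet. The Shift-And automaton, the `Board` and `Comparator` names and the sample patterns are assumptions made for illustration; the patent names no matching algorithm and lists no patterns.

```python
# Added illustration: software model of the board's data flow (not the patent's design).
# Pattern names and byte strings are constructed samples; the patent lists none.
SAMPLE_PATTERNS = {
    "sig-traversal": b"../../",
    "sig-shell": b"/bin/sh",
    "sig-nop-run": b"\x90\x90\x90\x90",
}

class Comparator:
    """One matching unit: a bit-parallel Shift-And automaton for one pattern."""
    def __init__(self, name, pattern):
        if not pattern:
            raise ValueError("empty pattern would match every packet")
        self.name = name
        self.accept = 1 << (len(pattern) - 1)   # bit set when the full pattern matched
        self.masks = {}                         # byte value -> positions holding it
        for i, b in enumerate(pattern):
            self.masks[b] = self.masks.get(b, 0) | (1 << i)
        self.state, self.hit = 0, False

    def clock(self, byte):
        # Bit i of state: pattern[0..i] equals the last i+1 bytes seen.
        self.state = ((self.state << 1) | 1) & self.masks.get(byte, 0)
        self.hit = self.hit or bool(self.state & self.accept)

class Board:
    """Pattern store (12) + engine (11) + I/O interface (13), modelled in software."""
    def __init__(self, patterns):
        self.patterns = dict(patterns)          # intrusion pattern store (12)
        self.forwarded, self.quarantine, self.alerts = [], [], []

    def submit(self, packet):
        buffered = bytes(packet)                # interface (13) buffers the packet
        units = [Comparator(n, p) for n, p in self.patterns.items()]
        for byte in buffered:                   # one step per byte: every unit sees
            for unit in units:                  # the same byte, as parallel hardware would
                unit.clock(byte)
        hits = [u.name for u in units if u.hit]
        if hits:                                # suspected intrusion: keep aside, alert
            self.quarantine.append(buffered)
            self.alerts.append(hits)
        else:                                   # normal packet: pass to internal network
            self.forwarded.append(buffered)
        return hits
```

Because each comparator keeps its partial-match state as a bit vector, overlapping prefixes (for example the pattern `aab` inside `aaab`) are found without rescanning the packet.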
As described above, the present invention performs the detection on network packets that is currently done in software by using high-speed parallel processing hardware, which enables fast and accurate decisions on input packets and thereby maximizes the efficiency and effectiveness of protecting communication networks and computer information.
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020000056316A KR20020024507A (en) | 2000-09-25 | 2000-09-25 | Parallel processing system for decision on intrusion |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20020024507A (en) | 2002-03-30 |
Family
ID=19690381
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020000056316A KR20020024507A (en) | 2000-09-25 | 2000-09-25 | Parallel processing system for decision on intrusion |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20020024507A (en) |
- 2000-09-25 KR KR1020000056316A patent/KR20020024507A/en not_active Application Discontinuation
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100519058B1 (en) * | 2003-09-02 | 2005-10-06 | 김명주 | Anti-virus system for parallel processing system |
GB2406485A (en) * | 2003-09-11 | 2005-03-30 | Detica Ltd | Hardware detection of predermined bit patterns in data packets |
GB2406485B (en) * | 2003-09-11 | 2006-09-13 | Detica Ltd | Real-time network monitoring and security |
KR101252812B1 (en) * | 2006-04-25 | 2013-04-12 | 주식회사 엘지씨엔에스 | Network security device and method for controlling of packet data using the same |
KR100901701B1 (en) * | 2006-12-01 | 2009-06-08 | 한국전자통신연구원 | Intrusion pattern process system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9514246B2 (en) | Anchored patterns | |
US7672941B2 (en) | Pattern matching using deterministic finite automata and organization of such automata | |
KR101868720B1 (en) | Compiler for regular expressions | |
Liu et al. | A fast string-matching algorithm for network processor-based intrusion detection system | |
US7134143B2 (en) | Method and apparatus for data packet pattern matching | |
US20150356321A1 (en) | Programmable intelligent search memory enabled secure dram | |
US20110016154A1 (en) | Profile-based and dictionary based graph caching | |
KR20090006838A (en) | Malicious attack detection system and an associated method of use | |
KR100960120B1 (en) | Signature String Storing Memory Structure and the Storing Method for the Same, Signature String Pattern Matching Method | |
CN113114694B (en) | DDoS attack detection method oriented to high-speed network packet sampling data acquisition scene | |
Steadman et al. | Dnsxd: Detecting data exfiltration over dns | |
Afek et al. | Making DPI engines resilient to algorithmic complexity attacks | |
Madhusudan et al. | Design of a system for real-time worm detection | |
KR20020024507A (en) | Parallel processing system for decision on intrusion | |
CN115017502A (en) | Flow processing method and protection system | |
Fide et al. | A survey of string matching approaches in hardware | |
KR20060067077A (en) | Apparatus for recognizing abnormal and destructive traffic in network and method thereof | |
Sabhanatarajan et al. | A resource efficient content inspection system for next generation Smart NICs | |
US7917649B2 (en) | Technique for monitoring source addresses through statistical clustering of packets | |
Yoshioka et al. | Rule hashing for efficient packet classification in network intrusion detection | |
Nourani et al. | Bloom filter accelerator for string matching | |
KR102285661B1 (en) | Appatus and method of load balancing in intrusion dectection system | |
Fukač et al. | Increasing memory efficiency of hash-based pattern matching for high-speed networks | |
Kim et al. | Multihash based pattern matching mechanism for high-performance intrusion detection | |
Kang et al. | Design and implementation of a multi-gigabit intrusion and virus/worm detection system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |