TY - GEN
T1 - FlexIPS
T2 - 2nd International Conference on Electronics, Communications and Information Technology, CECIT 2021
AU - Yen, Tong Hong
AU - Yang, Chu Sing
N1 - Funding Information:
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions on the paper. This work was supported in part by the Ministry of Science and Technology of Taiwan, R.O.C., under Contracts MOST 110-2221-E-006-038.
Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - From the past to the present, network attack methods have not been unchanged. As network technology is becoming increasingly complex, the difficulty of preventing risks has also increased. Attack methods have ranged from early packet spoofing, flood attacks, vertical scanning, to social attacks, such as horizontal scanning and spam. Up to the recent web application attacks, web injection attacks, penetration attacks, and ransomware that caused a large amount of economic lossesnot long ago have forced computer scientists to pay attention to the prevention of information security incidents. Intrusion prevention systems (IPSs), also known as intrusion detectionand prevention systems, are used for maintaining network security. Their purpose is to reinforce the deficiencies of network firewalls and network intrusion detection systems and strengthen network safety. IPSs can monitor the network status and transmission behavior of network packets inreal time and interrupt, adjust, or isolate abnormal or malicious network packet transmission behaviors in real time. In this study, a scalablesoftware-based IPS based on Hy-perscan, Data Plane Develop Kit (DPDK), and OpenNetVM is designed and implemented. With these libraries, it achieves a dynamic scalable IPS that can filter out malicious patterns spread all over the packet flow. Moreover, a methodcalled back pressure is designed and implemented to increase the performance of the IPS. Finally, the performance of the IPS is evaluated on a 10-Gbps network environment using iperf, Pktgen-DPDK, and malicious pcap files with Snort community rules.
AB - From the past to the present, network attack methods have not been unchanged. As network technology is becoming increasingly complex, the difficulty of preventing risks has also increased. Attack methods have ranged from early packet spoofing, flood attacks, vertical scanning, to social attacks, such as horizontal scanning and spam. Up to the recent web application attacks, web injection attacks, penetration attacks, and ransomware that caused a large amount of economic lossesnot long ago have forced computer scientists to pay attention to the prevention of information security incidents. Intrusion prevention systems (IPSs), also known as intrusion detectionand prevention systems, are used for maintaining network security. Their purpose is to reinforce the deficiencies of network firewalls and network intrusion detection systems and strengthen network safety. IPSs can monitor the network status and transmission behavior of network packets inreal time and interrupt, adjust, or isolate abnormal or malicious network packet transmission behaviors in real time. In this study, a scalablesoftware-based IPS based on Hy-perscan, Data Plane Develop Kit (DPDK), and OpenNetVM is designed and implemented. With these libraries, it achieves a dynamic scalable IPS that can filter out malicious patterns spread all over the packet flow. Moreover, a methodcalled back pressure is designed and implemented to increase the performance of the IPS. Finally, the performance of the IPS is evaluated on a 10-Gbps network environment using iperf, Pktgen-DPDK, and malicious pcap files with Snort community rules.
UR - http://www.scopus.com/inward/record.url?scp=85128692321&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85128692321&partnerID=8YFLogxK
U2 - 10.1109/CECIT53797.2021.00112
DO - 10.1109/CECIT53797.2021.00112
M3 - Conference contribution
AN - SCOPUS:85128692321
T3 - Proceedings - 2021 2nd International Conference on Electronics, Communications and Information Technology, CECIT 2021
SP - 607
EP - 613
BT - Proceedings - 2021 2nd International Conference on Electronics, Communications and Information Technology, CECIT 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 27 December 2021 through 29 December 2021
ER -