Stateful Packet Inspection for High-Performance Network Security

S. Yoon, J. Oh, and J. Jang (Korea)


Stateful Packet Inspection, Network Security, and Intrusion Detection


Today’s network security systems are required high performance as well as good functionality since the speed of the internet is increasing. Improving the performance of security devices by using reconfigurable hardware becomes a very important research and development field. In this paper, we have designed and implemented stateful packet inspection(SPI) module in a Field Programmable Gate Array(FPGA) to help improving the performance of Security Gateway System(SGS) which providing security functions such as network based intrusion detection and response, packet filtering, rate limiting and traffic metering in wire speed. Most of software based SPI modules(e.g. STREAM4 Preprocessor of Snort) show inefficiency and even fail to perform for the high speed internet. By implementing SPI in FPGA, we can achieve an efficient and fast intrusion detection in future multi gigabits network environment.

Important Links:

Go Back