H/W Based Stateful Packet Inspection Using a Novel Session Architecture

Executive Summary

Stateful Packet Inspection (SPI) remembers previous packets and can thus keep track of the state of a session. SPI was originally developed for firewalls, but it now has various applications such as VPN, NIDS, traffic monitoring, and so on. In this paper, the authors focus on the Network Intrusion Detection System (NIDS). Because a stateless IDS looks at only one packet at a time, it generates many false positive alerts when an attack is attempted with an IDS evasion tool such as "Stick" or "Snot". To prevent this problem, SPI was employed in NIDS, and the statefulness of a NIDS became very important. However, most existing SPI products are software-based solutions, which perform poorly in the current high-speed Internet environment.
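The difference between stateless and stateful matching can be shown with a small software model. This is an added example, not code from the paper and not its hardware session architecture. The packet record, the signature, the addresses and the traffic are all constructed, and the example assumes the false positives come from signature-bearing packets that belong to no established TCP session. The handshake tracking is simplified and ignores sequence numbers.

```python
from collections import namedtuple

# Constructed packet record: endpoints, TCP flags ("S", "SA", "A", "PA", ...), payload.
Pkt = namedtuple("Pkt", "src sport dst dport flags payload")
SIGNATURE = b"/etc/passwd"  # constructed sample signature, not taken from the paper

def stateless_alerts(packets):
    """Stateless matching: every packet is judged in isolation."""
    return [p for p in packets if SIGNATURE in p.payload]

class SessionTable:
    """Tracks the TCP three-way handshake per connection (sequence numbers ignored)."""
    def __init__(self):
        self.sessions = {}  # direction-independent key -> (state, initiator endpoint)

    def update(self, p):
        sender = (p.src, p.sport)
        key = tuple(sorted([sender, (p.dst, p.dport)]))
        state, initiator = self.sessions.get(key, (None, None))
        if "R" in p.flags or "F" in p.flags:
            self.sessions.pop(key, None)  # simplification: drop on RST or FIN
        elif p.flags == "S" and state is None:
            self.sessions[key] = ("SYN_SENT", sender)
        elif p.flags == "SA" and state == "SYN_SENT" and sender != initiator:
            self.sessions[key] = ("SYN_RCVD", initiator)
        elif p.flags == "A" and state == "SYN_RCVD" and sender == initiator:
            self.sessions[key] = ("ESTABLISHED", initiator)
        return self.sessions.get(key, (None, None))[0]

def stateful_alerts(packets):
    """Stateful matching: a signature only counts inside an established session."""
    table, alerts = SessionTable(), []
    for p in packets:
        if table.update(p) == "ESTABLISHED" and SIGNATURE in p.payload:
            alerts.append(p)
    return alerts

# Constructed traffic: one real session, then three session-less packets carrying the signature.
SAMPLE = [
    Pkt("10.0.0.5", 40000, "10.0.0.80", 80, "S", b""),
    Pkt("10.0.0.80", 80, "10.0.0.5", 40000, "SA", b""),
    Pkt("10.0.0.5", 40000, "10.0.0.80", 80, "A", b""),
    Pkt("10.0.0.5", 40000, "10.0.0.80", 80, "PA", b"GET /../../etc/passwd HTTP/1.0\r\n"),
] + [Pkt("192.0.2.%d" % i, 1024 + i, "10.0.0.80", 80, "PA", b"GET /etc/passwd") for i in range(3)]

if __name__ == "__main__":
    print(len(stateless_alerts(SAMPLE)), "stateless alerts")
    print(len(stateful_alerts(SAMPLE)), "stateful alerts")
```

The session table is the per-packet lookup and update that a software SPI engine performs on every packet.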

