What is ASIP?
With the growth and development of computer networks and the spread of modern services on information platforms, network administrators and users are giving more importance than ever to communication and information security. Reports from various computer incident response groups show a wide growth of computer attacks in recent years. In this setting, Network Intrusion Detection Systems (NIDS), one type of Intrusion Detection System (IDS), have become practical systems for establishing security levels and detecting illegal activities in the network. This research includes an IDS written in the C programming language that uses 15597 Snort rules and MIT Lincoln Lab network traffic. By running this security application on the V850, OR1K, MIPS32, ARM7TDMI and PowerPC32 microprocessors
Abstract
Introduction
One of the main reasons for using an IDS on the network even alongside a firewall is that firewalls offer less security against attacks that various software carries out on an organization's data and information, for example the Nimda, Code Red and Slammer worms.
In this research, expandable and efficient microprocessors are used to implement the NIDS for two reasons: flexibility in system reconfiguration, and performance. Networks are vulnerable to new attack patterns, so updating the attack patterns in the NIDS is inevitable. On the other hand, achieving high performance seems possible because of microprocessor hardware architectures.
Software Works
Many NIDS software systems have been introduced, either open source or commercial, but none of them has achieved the popularity and universality of Snort (snort.org).
Snort is open source software: a network packet sniffer with a packet logger and an IDS that attempts to detect complex attacks on the network.
• Snort has a huge database of attack patterns.
• Snort compares character patterns in the network traffic with its own set of defined rules, using pattern matching algorithms.
• Its detection engine speeds up pattern searching with algorithms such as Boyer-Moore and Aho-Corasick, and with combined methods such as AC-BM.
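An added example, not code from this research or from Snort: a compact Aho-Corasick matcher in C that checks one payload against several content patterns in a single pass, as the bullets above describe. The four patterns, the sample payload, `MAX_STATES` and the function names are constructed for illustration.

```c
#include <stdio.h>
#define MAX_STATES 256                /* assumption: enough for the sample patterns */
static int      go_[MAX_STATES][256]; /* trie edges, later the full transition table */
static int      fail_[MAX_STATES];    /* failure link of each state */
static unsigned out_[MAX_STATES];     /* bitmask of pattern ids that end in a state */
static int      nstates = 1;          /* state 0 is the root */

/* Insert pattern number id (0..31); returns -1 when the state table is full. */
static int ac_add(const char *pat, int id) {
    int s = 0;
    for (; *pat; pat++) {
        unsigned char c = (unsigned char)*pat;
        if (!go_[s][c] && nstates == MAX_STATES) return -1;
        if (!go_[s][c]) go_[s][c] = nstates++;
        s = go_[s][c];
    }
    out_[s] |= 1u << id;
    return 0;
}
/* Breadth-first pass: set failure links and fill in the missing transitions. */
static void ac_build(void) {
    int queue[MAX_STATES], head = 0, tail = 0;
    for (int c = 0; c < 256; c++)
        if (go_[0][c]) queue[tail++] = go_[0][c];
    while (head < tail) {
        int s = queue[head++];
        out_[s] |= out_[fail_[s]];    /* inherit patterns that end as a suffix */
        for (int c = 0; c < 256; c++) {
            int t = go_[s][c];
            if (t) { fail_[t] = go_[fail_[s]][c]; queue[tail++] = t; }
            else   go_[s][c] = go_[fail_[s]][c];
        }
    }
}
/* Scan a payload once against constructed sample patterns; bit i = pattern i found. */
static unsigned ac_scan(const void *payload, size_t len) {
    static const char *pats[] = { "cmd.exe", "default.ida", "/etc/passwd", ".exe" };
    static int built;
    const unsigned char *p = payload;
    unsigned hits = 0;
    int s = 0;
    if (!built) { for (int i = 0; i < 4; i++) ac_add(pats[i], i); ac_build(); built = 1; }
    for (size_t i = 0; i < len; i++) { s = go_[s][p[i]]; hits |= out_[s]; }
    return hits;
}
int main(void) {
    static const char pkt[] = "GET /scripts/cmd.exe?/c+dir HTTP/1.0"; /* constructed */
    printf("hits=0x%x\n", ac_scan(pkt, sizeof pkt - 1));
    return 0;
}
```

The scan costs one table lookup per payload byte regardless of how many patterns are loaded, which is why the per-byte memory access pattern dominates run time on a cacheless core.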
Software intrusion detection is conventionally executed on General Purpose Processors (GPP), so the slowness of this method is its most important disadvantage.
Challenge
This section evaluates the performance of the V850, OR1K, MIPS32 (from the MIPS series), ARM7TDMI (from the ARM series) and PowerPC32 (from the PowerPC series) microprocessors when executing the network intrusion detection application that was written.
Performance Evaluation
First standard work
The Cyber Systems and Technology Group of MIT Lincoln Laboratory, under Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory sponsorship, find the strengths and weaknesses of existing approaches and lead to large performance improvements and valid assessments of intrusion detection systems.
This research uses five hundred thousand packets from the simulation output traffic.
Implementation
Snort: how to run and test Snort on different types of processors?
Open Virtual Platform
OVP uses libraries of processor and behavioral models, and APIs for building your own processors, peripherals and platforms.
OVP is flexible and is free for noncommercial use.
Simulation: version 2/23/2011 of the OVP simulator program is used on a laptop with Windows XP SP2, a 1.60 GHz CPU and 512 MB RAM. The simulation used the basic microprocessors without cache.
All microprocessors have the same nominal speed of 100 MHz.
Run-time of intrusion detection application for five hundred thousand packets
Optimization
A compiler is likely to perform many or all of the following operations:
lexical analysis, preprocessing, parsing, semantic analysis (Syntax-directed translation), code generation, and code optimization.
the frontend: syntax and semantics
the middle-end: optimization
and the backend: assembly code
GCC
GCC is a compiler system produced by the GNU Project that supports various programming languages (C++, Java, Ada, Pascal, …).
GCC also has its own predefined levels of optimization, which begin with -O and include: -O or -O1, -O2, -O3, -O0 and -Os. (https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html)
Performance increase percent of microprocessors by using predefined optimization levels for five hundred thousand packets
Optimization with Offered Optimization Level
focusing on ARM7TDMI
too many loops, many iterations, long jumps
-O2 -freduce-all-givs -fmove-all-movables -mcpu=arm7 -fnew-ra
-fno-expensive-optimizations -fno-force-mem -fno-guess-branch-probability -fno-if-conversion2 -fno-crossjumping
Offered solution (https://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Optimize-Options.html)
Performance increase percent of ARM7TDMI microprocessor in O2 and offered level
Using a microprocessor to perform intrusion detection resolves problems that exist in ASICs, such as attack signature updating, because of the flexibility of microprocessors. This flexibility comes from the software that the microprocessor runs.
Conclusion
Future works
Optimize the compiler's back-end to generate appropriate assembly code for different types of CPUs.
Design specific processors for specific operations or functions.