A Parallel Architecture for Stateful, High-Speed Intrusion Detection

The increase in bandwidth over processing power has made stateful intrusion detection for high-speed networks snore difficult,, and, in certain cases, impossible. The problem of real-time stateful intrusion detection in high-speed networks cannot easily be solved by optimizing the packet; matching algorithm utilized by a, centralized process or by using custom-developed hardware. Instead, there is a need for a parallel approach that is able to decompose the problem into subproblems of manageable size. We present a novel parallel matching algorithm for the signature-based detection of network attacks. The algorithm is able to perform stateful signature matching and has been implemented only using off-the-shelf components. Our initial experiments confirm that, by making the rule snatching process parallel, it is possible to achieve a, scalable implementation of a stateful, network-based intrusion detection system.