Escolar Documentos
Profissional Documentos
Cultura Documentos
Dy na mic Loa de r
Flow
Detection
Events
Traffic Flow
Analyzer Collector IPS
Events
Scan Traffic Management
Detection Profiler IDMEF c ommunic a t ion
Da t a Us e r I/f
Flood Detection M a na ge me nt
Reconnaissance Detection
Flow Base IP S Alerting
Flow Detection
Detection M anagement
Management
Traffic Anomaly Detection
Implemented,
Flow Base tested, IP S Implemented,
Detection interacted with user M anagement tested
C1
Application
C2
S S,A A S3
S0 S1 S2 Specific
Signature
Cn
Conn (C): Src IP, Src Port,
Dst IP, Dst Port
Protocol
© C-DAC,2009 Computer Networks and Internet Engineering
Modules of State Based Detection
• Connection Management
– Maintaining the connection table
• Application State Analysis (HTTP, SMTP and
DNS)
– Expansion of IPS Signatures with state knowledge
– Application protocol parsing (keyword extraction)
• Implementation done for HTTP
Packet Collector
Digital
Clock
Serializer Tx FIFO Switch
Manager
Routing
Matrix
Deserializer Rx buffer
Control Logic
Block Array
Multi giga-bit Rocket IO transceiver core for
18 *18 bit user defined
multiplier
logic
block
Block Distributed
Select
Packet Decoder
RAM RAM
© C-DAC,2009 Computer Networks and Internet Engineering
IPS Management
• Data management
• Communication Interface
• Alerts and User Interface
• Work in progress:
– Signature Update mechanism
– Enhance of visualization & Query optimization
– Signature Update mechanism
© C-DAC,2009 Computer Networks and Internet Engineering
Other Challenges