Publication Details

Accelerating IDS Using TLS Pre-Filter in FPGA

KOŠAŘ, V.; ŠIŠMIŠ, L.; MATOUŠEK, J.; KOŘENEK, J. Accelerating IDS Using TLS Pre-Filter in FPGA. In Proceedings - IEEE Symposium on Computers and Communications. Tunis: IEEE Computer Society, 2023. p. 436-442. ISBN: 979-8-3503-0048-2.
Czech title
Akcelerace IDS pomocí TLS prefiltru v FPGA
Type
conference paper
Language
English
Authors
URL
Keywords

TLS, acceleration, FPGA, IDS, 100G Ethernet, 400G Ethernet

Abstract

Intrusion Detection Systems (IDSes) are a widely used network security tool. However, achieving sufficient throughput is challenging as network link speeds increase to 100 or 400 Gbps. Despite the large number of papers focusing on the hardware acceleration of IDSes, the approaches are mostly limited to the acceleration of pattern matching or do not support all types of IDS rules. Therefore, we propose hardware acceleration that significantly increases the throughput of IDSes without limiting the functionality or the types of rules supported. As the IDSes cannot match signatures in encrypted network traffic, we propose a hardware TLS pre-filter that removes encrypted TLS traffic from IDS processing and doubles the average processing speed. Implemented on an acceleration card with an Intel Agilex FPGA, the pre-filter supports 100 and 400 Gbps throughput. The hardware design is optimized to achieve a high frequency and to utilize only a few hardware resources.

Published
2023
Pages
436–442
Proceedings
Proceedings - IEEE Symposium on Computers and Communications
ISBN
979-8-3503-0048-2
Publisher
IEEE Computer Society
Place
Tunis
DOI
EID Scopus
BibTeX
@inproceedings{BUT185159,
  author="Vlastimil {Košař} and Lukáš {Šišmiš} and Jiří {Matoušek} and Jan {Kořenek}",
  title="Accelerating IDS Using TLS Pre-Filter in FPGA",
  booktitle="Proceedings - IEEE Symposium on Computers and Communications",
  year="2023",
  pages="436--442",
  publisher="IEEE Computer Society",
  address="Tunis",
  doi="10.1109/ISCC58397.2023.10218049",
  isbn="979-8-3503-0048-2",
  url="https://ieeexplore.ieee.org/document/10218049"
}
Back to top