Publication Details
Accelerating IDS Using TLS Pre-Filter in FPGA
Šišmiš Lukáš, Ing. (DCSY)
Matoušek Jiří, Ing., Ph.D. (DCSY)
Kořenek Jan, doc. Ing., Ph.D. (DCSY)
TLS, acceleration, FPGA, IDS, 100G Ethernet, 400G Ethernet
Intrusion Detection Systems (IDSes) are a widely used network security
tool. However, achieving sufficient throughput is challenging as network
link speeds increase to 100 or 400 Gbps. Despite the large number of
papers focusing on the hardware acceleration of IDSes, the approaches
are mostly limited to the acceleration of pattern matching or do not
support all types of IDS rules. Therefore, we propose hardware
acceleration that significantly increases the throughput of IDSes
without limiting the functionality or the types of rules supported. As
the IDSes cannot match signatures in encrypted network traffic, we
propose a hardware TLS pre-filter that removes encrypted TLS traffic
from IDS processing and doubles the average processing speed.
Implemented on an acceleration card with an Intel Agilex FPGA, the
pre-filter supports 100 and 400 Gbps throughput. The hardware design is
optimized to achieve a high frequency and to utilize only a few hardware
resources.
@inproceedings{BUT185159,
author="Vlastimil {Košař} and Lukáš {Šišmiš} and Jiří {Matoušek} and Jan {Kořenek}",
title="Accelerating IDS Using TLS Pre-Filter in FPGA",
booktitle="Proceedings - IEEE Symposium on Computers and Communications",
year="2023",
pages="436--442",
publisher="IEEE Computer Society",
address="Tunis",
doi="10.1109/ISCC58397.2023.10218049",
isbn="979-8-3503-0048-2",
url="https://ieeexplore.ieee.org/document/10218049"
}