Publication Details

Analysis of TLS Prefiltering for IDS Acceleration

ŠIŠMIŠ, L.; KOŘENEK, J. Analysis of TLS Prefiltering for IDS Acceleration. In Passive and Active Measurement 2023. Lecture Notes in Computer Science. Madrid: Springer Nature Switzerland AG, 2023. p. 85-109. ISBN: 978-3-031-28485-4. ISSN: 0302-9743.
Czech title
Analýza TLS pre-filtrace pro akceleraci IDS
Type
conference paper
Language
English
Authors
URL
Keywords

IDS, TLS, DPDK, Prefilter, Suricata, Performance, Acceleration, Throughput,
Measurements

Abstract

Network intrusion detection systems (IDS) and intrusion prevention systems (IPS)
have proven to play a key role in securing networks. However, due to their
computational complexity, the deployment is difficult and expensive. Therefore,
many times the IDS is not powerful enough to handle all network traffic on
high-speed network links without uncontrolled packet drop. High-speed packet
processing can be achieved using many CPU cores or an appropriate acceleration.
But the acceleration has to preserve the detection quality and has to be flexible
to handle ever-emerging security threats. One of the common acceleration methods
among intrusion detection/prevention systems is the bypass of encrypted packets
of the Transport Layer Security (TLS) protocol. This is based on the fact that
IDS/IPS cannot match signatures in the packet encrypted payload. The paper
provides an analysis and comparison of available TLS bypass solutions and
proposes a high-speed encrypted TLS Prefilter for further acceleration. We are
able to demonstrate that using our technique, the IDS performance has tripled and
at the same time detection results have resulted in a lower rate of false
positives. It is designed as a software-only architecture with support for
commodity cards. However, the architecture allows smooth transfer of the proposed
method to the HW-based solution in Field-programmable gate array (FPGA) network
interface cards (NICs).

Published
2023
Pages
85–109
Journal
Lecture Notes in Computer Science, vol. 2023, no. 13882, ISSN 0302-9743
Proceedings
Passive and Active Measurement 2023
Series
Lecture Notes in Computer Science
Conference
Passive and Active Measurement Conference 2023, Madrid, ES
ISBN
978-3-031-28485-4
Publisher
Springer Nature Switzerland AG
Place
Madrid
DOI
UT WoS
001004071500005
EID Scopus
BibTeX
@inproceedings{BUT185697,
  author="Lukáš {Šišmiš} and Jan {Kořenek}",
  title="Analysis of TLS Prefiltering for IDS Acceleration",
  booktitle="Passive and Active Measurement 2023",
  year="2023",
  series="Lecture Notes in Computer Science",
  journal="Lecture Notes in Computer Science",
  volume="2023",
  number="13882",
  pages="85--109",
  publisher="Springer Nature Switzerland AG",
  address="Madrid",
  doi="10.1007/978-3-031-28486-1_5",
  isbn="978-3-031-28485-4",
  issn="0302-9743",
  url="https://link.springer.com/chapter/10.1007/978-3-031-28486-1_5"
}