Network intrusion detection systems (NIDS) complement firewalls and other
security approaches by analyzing network traffic at the edge of an
intranet to detect attacks and unauthorized access. The effectiveness
of a NIDS is determined both by the sophistication of the underlying
analysis algorithm as well as by the processing speed or capacity.
Packet loss due to insufficient processing capabilities results in
loss of valuable information, rendering the NIDS ineffective.
Increasing network speeds and more complex analysis techniques require
packet processing capacities that exceed the performance of existing
general-purpose computer systems. The SPANIDS project addresses this
bottleneck by developing a scalable, parallel architecture for NIDS
platforms. This talk discusses the performance requirements of network
intrusion detection, presents a parallel architecture to address these
challenges, and provides an overview of an FPGA-based prototype
implementation currently underway.