P4-ipsec: Site-to-site and host-to-site vpn with ipsec in p4-based sdn

F Hauser, M Häberle, M Schmidt, M Menth - IEEE Access, 2020 - ieeexplore.ieee.org
In this work, we present P4-IPsec, a concept for IPsec in software-defined networks (SDN)
using P4 programmable data planes. The prototype implementation features ESP in tunnel …

Enhancing Suricata intrusion detection system for cyber security in SCADA networks

K Wong, C Dillabaugh, N Seddigh… - 2017 IEEE 30th …, 2017 - ieeexplore.ieee.org
Industrial Control and SCADA (Supervisory Control and Data Acquisition) networks control
critical infrastructure such as power plants, nuclear facilities, and water supply systems …

[HTML][HTML] A dynamic and scalable parallel Network Intrusion Detection System using intelligent rule ordering and Network Function Virtualization

H Haugerud, HN Tran, N Aitsaadi, A Yazidi - Future Generation Computer …, 2021 - Elsevier
Abstract A Network Intrusion Detection System (NIDS) is a fundamental security tool.
However, under heavy network traffic, a NIDS might become a bottleneck. In an overloaded …

Scalable high-performance parallel design for network intrusion detection systems on many-core processors

H Jiang, G Zhang, G Xie, K Salamatian… - … for Networking and …, 2013 - ieeexplore.ieee.org
Network Intrusion Detection Systems (NIDSes) face significant challenges coming from the
relentless network link speed growth and increasing complexity of threats. Both hardware …

A Network Function Virtualization Architecture for Automatic and Efficient Detection and Mitigation against Web Application Malware

L Mauricio, M Rubinstein - Journal of Internet Services and …, 2023 - journals-sol.sbc.org.br
This paper proposes and implements a Network Function Virtualization (NFV) security
architecture to provide automatic and efficient detection and mitigation against Web …

[PDF][PDF] Dpdkstat: 40gbps statistical traffic analysis with off-the-shelf hardware

M Trevisan, A Finamore, M Mellia… - … Paris, France, Tech …, 2016 - perso.telecom-paristech.fr
In recent years, advances in both hardware and software offer to user-space applications O
(10Gbps) worth of traffic. Processing data at such line rate with software running on …

Work Balancing vs. Load Balancing for Network IDS Parallelization

H Doroud, T Wiese, F Erlacher… - … and Mobile Computing …, 2023 - ieeexplore.ieee.org
Signature-based Network Intrusion Detection Systems (NIDS) is state-of-the-art for precise
attack detection. Using multiple instances of NIDS in parallel is considered the most …

STEAL: Service Time-Aware Load balancer on many-core processors for fast intrusion detection

YH Choi, WJ Park, SH Choi… - 2016 IEEE Conference on …, 2016 - ieeexplore.ieee.org
To realize the high-speed intrusion detection by accommodating many regex-based
signatures and the growing network link capacities, we propose a Service TimE-Aware Load …

Tearing down the face of algorithmic complexity attacks for DPI engines

L Liu, J Shi, H Zhang, X Yu - 2018 IEEE Intl Conf on Parallel & …, 2018 - ieeexplore.ieee.org
Deep Packet Inspection (DPI) is the core of security devices, such as NIDS, NIPS, which is
also an important target of the adversary. The vulnerability of DPI engine is that it relies …

Adaptive load balancing on multi-core IPsec gateway

W Li, S Hu, G Sun, Y Li - … and Architectures for Parallel Processing: 18th …, 2018 - Springer
Cloud service providers usually offer IPsec VPN services to tenants by deploying the
software IPsec gateway on the virtual machine. However, the current software IPsec …