HSTCP: A High-speed Traffic Collection Platform for Intrusion Detection/Prevention Based on Sampling on FPGAs

AbstractWith the ever-increasing deployment and usage of gigabit networks, traditional networks’ intrusion detection/prevention systems (IDSs/IPSs) have not scaled accordingly. More recently, researchers have been looking at hardware-based solutions that use field programmable gate arrays (FPGAs) to assist network IDSs/IPSs, and some proposed systems have been developed that can be scaled to achieve a high speed over 10 Gbps. However, these solutions have certain drawbacks. In this paper, we present a uniform high-speed traffic collection platform for intrusion detection/prevention based on sampling on FPGAs, called HSTCP. The methodology is when the proposed platform is unable to capture the whole network traffic, it will initiate elephant flow sampling rather than simple packets’ drop. Meanwhile, the sampling rate is adaptive to the traffic load changes in the elephant flow. The noteworthy features of HSTCP include the following: (a) it takes the self-similarity of network traffic into account with comp...