What is ASIP ?

By growing and development of computer networks and generalizing the use ofmodern services on the information platform, the importance ofcommunication and information security is considered more than the othertimes by network representations and users. Presented reports by responsecomputer incident different groups show the wide growth of computer attacksin the recent years. In this case Network Intrusion Detection Systems (NIDS) asone of the Intrusion Detection System (IDS) types, are be transformed to theutilization systems for establishing the security levels and detecting the illegalactivities in the network. This research includes an IDS which is written in Cprogramming language that uses 15597 Snort rules and MIT Lincoln Labnetwork traffic. By running this security application on the V850, OR1K,MIPS32, ARM7TDMI and PowerPC32 microprocessors

Abstract

Introduction

One of the main reasons for using the IDS even with firewall on the network isless security of firewalls against the attacks that occur by the different soft-wares to organization data and information.

For example Nimda, Code red and Slammer worms.

In this research, using the expandable and efficient microprocessors for

implementation of NIDS is for two reasons: one for flexibility in system

reconfiguration and the other is for performance. Note that the networks

are vulnerable to new attack patterns, so updating the attack patterns in

NIDS is inevitable. In the other hand achieving to high performanceseems possible because of microprocessor hardware architectures.

Software Works

Since many NIDS software systems have been introduced in the form of open

source or commercial but none of them have found the popularity and

universality of Snort. (snort.org)

Snort is open source software and a network packet sniffer

with a packet log recorder and IDS that attempts to

detect the complex attacks to the network.

• Snort has a huge database of attack patterns.

• Snort compares character patterns in the network traffic with its own set of

defined rules by pattern matching algorithms

• detection engine for improving the pattern searching such as Boyer-Moore,

AhoCorasick and combination methods such as AC-BM.

Software intrusion detection on a conventional is executed on

the General Purpose Processors (GPP) and therefore being

slow of this method is its most important disadvantages.

Challenge

This section considers performance evaluation of V850, OR1K, MIPP32 from MIPS series, ARM7TDMI from ARM series and PowerPC32 from PowerPC microprocessors for execution of written network intrusion detection application.

Performance Evaluation

First standard work

The Cyber Systems and Technology Group of MIT Lincoln Laboratory,

under Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory sponsorship

find the strength and weaknesses of existing approaches and lead to

large performance improvements and valid assessments of intrusion detection systems.

This research uses five hundred thousand packets from simulation output traffic

Implementation

Snort How run and test snort in different types of processors?

Open Virtual Platform

OVP uses libraries of processor and behavioral models, and APIs for

building the own processors, peripherals and platforms.

OVP is flexible and is free for noncommercial usages.

simulationversion 2/23/2011 of OVP simulator program is used on a laptop with Windows XP SP2, 1.60 GHz CPU and 512 MB RAM. The simulation has used the basic microprocessors without cache.

All microprocessors have the same nominal speed, and are equal to 100MHz.

Run-time of intrusion detection application for five hundred thousand packets

Optimization

A compiler is likely to perform many or all of the following operations:

lexical analysis, preprocessing, parsing, semantic analysis (Syntax-directed translation), code generation, and code optimization.

the frontend: syntax and semantics

the middle-end: optimization

and the backend: assembly code

GCC

The GCC is a compiler system produced by the GNU Project supporting various programming languages.(C++, JAVA, Ada, Pascal,…)

The GCC also has its own predefined levels of optimization which begin with –O and include: –O or –O1, –

O2, –O3, –O0 and Os. (https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html)

Performance increase percent of microprocessors by using predefined optimization levels for five hundred thousand packets

Optimization with Offered Optimization Level

focusing on ARM7TDMI

too loopsmany iterationlong jumps

-O2 -freduce-all-givs -fmove-all-movables -mcpu=arm7 -fnew-ra

-fno-expensive-optimizations -fno-force-mem-fno-guess-branch-probability -fno-if-conversion2 -fno-crossjumping

Offered solution (https://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Optimize-Options.html)

Performance increase percent of ARM7TDMI microprocessor in O2 and offered level

Using microprocessor for performing intrusion detection led to the

problems such as attack signature updating are resolved which is in

ASICs, because of the flexibility of microprocessors.This flexibility is related to the software which is run by microprocessor.

Conclusion

Future works

Optimize complier's back-end for generate appropriate assemblycodes for different types of CPUs

Design specific processors for specific operations or functions.