Intrusion prevention is significant to avoid device damage and financial losses. Researchers have proposed various Prevention Systems (IPS) prevent malware, including traditional SDN-based IPS. However, existing IPSs suffer from low throughput problems caused by detection rule-installation delays. Here, we propose a programmable switch-base IPS (named PS-IPS), which utilizes the switch CPU pipeline detect malware. PSIPS consists of four main components: (1) parser, (2) flow filter, (3) recirculation director, (4) malware detector. According experiment, achieves 183X than The response time also reduced 99.99%, showing that effectively prevents malware
with single switch.

Load

Load