Most network routers and switches provide some protection against network attacks. However, the rapidly increasing amount of damage reported over the past few years indicates an urgent need for tougher security. Deep-packet inspection is one of the solutions for capturing packets that cannot be identified using traditional methods. It uses a list of signatures to scan the entire content of the packet, providing the means to filter harmful packets out of the network. Since one signature does not depend on another, the filtering process has a high degree of parallelism. Most software and hardware deep-packet filters in use today execute their tasks under a von Neumann architecture, which cannot take full advantage of this parallelism. For instance, one of the most widely used network intrusion-detection systems, Snort, configured with 845 patterns and running on a dual 1-GHz Pentium III system, can sustain a throughput of only 50 Mbps. The poor performance arises because the processor is programmed to execute several tasks sequentially instead of simultaneously. We designed scalable deep-packet filters on field-programmable gate arrays (FPGAs) to search for all data-independent patterns simultaneously. With FPGAs, we can reprogram the filter whenever the signature set changes. The smallest full-pattern matcher implementation for the latest Snort NIDS fits in a single 400k Xilinx FPGA (Spartan 3-XC3S400) with a sustained throughput of 1.6 Gbps. Given a larger FPGA, the design can scale linearly to support a greater number of patterns, as well as higher data throughput.