Implementing high-speed string matching hardware for network intrusion detection systems

Authors:
Atul Mahajan;Benfano Soewito;Sai K. Parsi;Ning Weng;Haibo Wang
Affiliations:
Southern Illinois University, Carbondale, IL;Southern Illinois University, Carbondale, IL;Southern Illinois University, Carbondale, IL;Southern Illinois University, Carbondale, IL;Southern Illinois University, Carbondale, IL
Venue:
Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays
Year:
2008

Citing 15
Cited 2

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
A String Matching Algorithm Fast on the Average

Proceedings of the 6th Colloquium, on Automata, Languages and Programming
Time and area efficient pattern matching on FPGAs

FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
A fast string-matching algorithm for network processor-based intrusion detection system

ACM Transactions on Embedded Computing Systems (TECS)
FPGA Based Network Intrusion Detection using Content Addressable Memories

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Efficient packet classification for network intrusion detection using FPGA

Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
Configurable string matching hardware for speeding up intrusion detection

ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
SIFT: Snort Intrusion Filter for TCP

HOTI '05 Proceedings of the 13th Symposium on High Performance Interconnects
Efficient memory utilization on network processors for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)

Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro

Optimized memory based accelerator for scalable pattern matching

Microprocessors & Microsystems
Predictive pattern matching for scalable network intrusion detection

ICICS'09 Proceedings of the 11th international conference on Information and Communications Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a string matching hardware on FPGA for network intrusion detection systems. The proposed architecture, consisting of packet classifiers and strings matching verifiers, achieves superb throughput by using several mechanisms. First, based on incoming packet contents, the packet classifiers can dramatically reduce the number of strings to be matched for each packet and, accordingly, feed the packet to a proper verifier to conduct matching. Second, a novel multi-threading finite state machine (FSM) is proposed, which improves FSM clock frequency and allows multiple packets to be examined by a single FSM simultaneously. Design techniques for high-speed interconnect and interface circuits are also presented. Experimental results are presented to explore the trade-offs between system performance, strings partition granularity and hardware resource cost