The present paper describes an implementation of an intrusion detection system (IDS) on an FPGA for 10 Gigabit Ethernet. The system includes an exact string matching circuit for 1,225 Snort rules on a single device. A number of studies have examined string matching circuits for IDS; however, implementing a circuit that processes a large rule set at high throughput is difficult. In a previous study, we proposed a method for generating an NFA-based string matching circuit that scales in processing data width and has drastically reduced resource requirements. In the present paper, we implement an IDS circuit that processes 1,225 Snort rules at 10 Gbps on a single Xilinx Virtex-II Pro xc2vp-100 using the NFA-based method. The proposed circuit also provides packet filtering for an intrusion protection system (IPS). In addition, we developed a tool that automatically generates the Verilog HDL source code of the IDS circuit from a Snort rule set. Using the FPGA and the IDS circuit generator, the proposed system is able to update its matching rules in response to new intrusions and attacks. We implemented the IDS circuit on an FPGA board and evaluated its accuracy and throughput. In testing, we confirmed that the circuit detects attacks perfectly at the wire speed of 10 Gigabit Ethernet.