High-speed string matching for network intrusion detection

Authors:
Benfano Soewito;Atul Mahajan;Ning Weng;Haibo Wang
Affiliations:
Department of Electrical and Computer Engineering, Southern Illinois University, Carbondale, IL 62901, USA.;Department of Electrical and Computer Engineering, Southern Illinois University, Carbondale, IL 62901, USA.;Department of Electrical and Computer Engineering, Southern Illinois University, Carbondale, IL 62901, USA.;Department of Electrical and Computer Engineering, Southern Illinois University, Carbondale, IL 62901, USA
Venue:
International Journal of Communication Networks and Distributed Systems
Year:
2009

Citing 15
Cited 1

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
A String Matching Algorithm Fast on the Average

Proceedings of the 6th Colloquium, on Automata, Languages and Programming
Time and area efficient pattern matching on FPGAs

FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
A fast string-matching algorithm for network processor-based intrusion detection system

ACM Transactions on Embedded Computing Systems (TECS)
FPGA Based Network Intrusion Detection using Content Addressable Memories

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Gigabit Rate Packet Pattern-Matching Using TCAM

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Efficient packet classification for network intrusion detection using FPGA

Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
Configurable string matching hardware for speeding up intrusion detection

ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
SIFT: Snort Intrusion Filter for TCP

HOTI '05 Proceedings of the 13th Symposium on High Performance Interconnects
Efficient memory utilization on network processors for deep packet inspection

Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)

Network Algorithmics,: An Interdisciplinary Approach to Designing Fast Networked Devices (The Morgan Kaufmann Series in Networking)
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro

Detection and classification of peer-to-peer traffic: A survey

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection systems are promising techniques to improve internet security. A daunting challenge in the design of internet intrusion detection systems is how to perform high-speed string matching operations. This paper presents a string matching architecture, consisting of software based classifiers and hardware based verifiers. Based on incoming packet contents, the packet classifiers can dramatically reduce the number of strings to be matched and accordingly, feed the packet to a proper verifier to conduct matching. The paper presents the proposed classifier architecture and discusses the trade-offs in the classifier design. In addition, techniques, including multi-threading FSM, high-speed FSM interface circuits and interconnects for high-speed verifier implementation on FPGA platforms are discussed. Experimental results are presented to explore the trade-offs between system performance, strings partition granularity and hardware resource cost.