Variable Length Pattern Matching for Hardware Network Intrusion Detection System

Authors:
Chun Jason Xue;Meilin Liu;Qingfeng Zhuge;Edwin Hsing-Mean Sha
Affiliations:
Department of Computer Science, City University of Hong Kong, Kowloon, Hong Kong;Department of Computer Science and Engineering, Wright State University, Dayton, USA 45435;Department of Computer Science, University of Texas at Dallas, Richardson, USA 75083;Department of Computer Science, University of Texas at Dallas, Richardson, USA 75083
Venue:
Journal of Signal Processing Systems
Year:
2010

Citing 12
Cited 0

A fast string searching algorithm

Communications of the ACM
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Granidt: Towards Gigabit Rate Network Intrusion Detection Technology

FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Specialized Hardware for Deep Network Packet Filtering

FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Fast Content-Based Packet Handling for Intrusion Detection

Fast Content-Based Packet Handling for Intrusion Detection
Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Exploiting Reconfigurable Hardware for Network Security

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Time and area efficient pattern matching on FPGAs

FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
A fast string-matching algorithm for network processor-based intrusion detection system

ACM Transactions on Embedded Computing Systems (TECS)
Configurable string matching hardware for speeding up intrusion detection

ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the wide adoption of internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from wide spreading. The key component in a successful network intrusion detection system is a high performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware based network intrusion detection system, that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results.