Firewalls and Internet security: repelling the wily hacker
An FPGA-based coprocessor for ATM firewalls
FCCM '97 Proceedings of the 5th IEEE Symposium on FPGA-Based Custom Computing Machines
Assisting Network Intrusion Detection with Reconfigurable Hardware
FCCM '02 Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
The BSD packet filter: a new architecture for user-level packet capture
USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings
Time and area efficient pattern matching on FPGAs
FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
Configurable string matching hardware for speeding up intrusion detection
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
A pattern matching coprocessor for network security
Proceedings of the 42nd annual Design Automation Conference
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
High-throughput linked-pattern matching for intrusion detection systems
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Bit-split string-matching engines for intrusion detection and prevention
ACM Transactions on Architecture and Code Optimization (TACO)
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Automatic Synthesis of Efficient Intrusion Detection Systems on FPGAs
IEEE Transactions on Dependable and Secure Computing
Journal of Systems Architecture: the EUROMICRO Journal
Memory-efficient content filtering hardware for high-speed intrusion detection systems
Proceedings of the 2007 ACM symposium on Applied computing
Journal of Systems Architecture: the EUROMICRO Journal
Deterministic high-speed root-hashing automaton matching coprocessor for embedded network processor
ACM SIGARCH Computer Architecture News - Special issue on the 2006 reconfigurable and adaptive architecture workshop
Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Deep network packet filter design for reconfigurable devices
ACM Transactions on Embedded Computing Systems (TECS)
Detection workload in a dynamic grid-based intrusion detection environment
Journal of Parallel and Distributed Computing
Novel FPGA-based signature match circuit for efficient network intrusion detection
ACOS'07 Proceedings of the 6th Conference on WSEAS International Conference on Applied Computer Science - Volume 6
Optimization of pattern matching circuits for regular expression on FPGA
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Scalable multigigabit pattern matching for packet inspection
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
FPGA based string matching for network processing applications
Microprocessors & Microsystems
A fast scalable automaton-matching accelerator for embedded content processors
ACM Transactions on Embedded Computing Systems (TECS)
FPGA-based ROM-free network intrusion detection using shift-OR circuit
Journal of Embedded Computing - Design and Optimization for High Performance Embedded Systems
Space Optimization on Counters for FPGA-Based Perl Compatible Regular Expressions
ACM Transactions on Reconfigurable Technology and Systems (TRETS)
Variable Length Pattern Matching for Hardware Network Intrusion Detection System
Journal of Signal Processing Systems
Efficient pattern matching algorithm for memory architecture
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
A computationally efficient engine for flexible intrusion detection
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
A high-throughput system architecture for deep packet filtering in network intrusion prevention
ARCS'06 Proceedings of the 19th international conference on Architecture of Computing Systems
Efficient logic circuit for network intrusion detection
EUC'06 Proceedings of the 2006 international conference on Embedded and Ubiquitous Computing
Pattern matching acceleration for network intrusion detection systems
SAMOS'05 Proceedings of the 5th international conference on Embedded Computer Systems: architectures, Modeling, and Simulation
Smart architecture for high-speed intrusion detection and prevention systems
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Novel FPGA-Based signature matching for deep packet inspection
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Static patterns matching for high speed networks
ICICA'12 Proceedings of the Third international conference on Information Computing and Applications
International Journal of Mobile Network Design and Innovation
We describe a novel application of reconfigurable computing to the problem of computer network security. By filtering network packets with customized logic circuits, we can search headers as well as packet content for specific signatures at Gigabit Ethernet line rate. Input to our system is a set of filter rule descriptions in the format of the public domain "snort" databases. These descriptions are used by the hardware circuits on two Xilinx Virtex 1000 FPGAs on a SLAAC1V [9] board. Packets are read from a Gigabit Ethernet interface card, the GRIP [8], and flow directly through the packet filtering circuits. A vector describing matching packet headers and content is returned to the host program, which relates matches back to the rule database, so that logs or alerts can be generated. The hardware runs at 66 MHz with 32-bit data, giving an effective line rate of 2 Gb/s. The granidt combination software/hardware runs at 24.9X the speed of snort 1.8.