Efficient packet classification for network intrusion detection using FPGA
Proceedings of the 2005 ACM/SIGDA 13th international symposium on Field-programmable gate arrays
A pattern matching coprocessor for network security
Proceedings of the 42nd annual Design Automation Conference
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
High-throughput linked-pattern matching for intrusion detection systems
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Modeling the data-dependent performance of pattern-matching architectures
Proceedings of the 2006 ACM/SIGDA 14th international symposium on Field programmable gate arrays
Bit-split string-matching engines for intrusion detection and prevention
ACM Transactions on Architecture and Code Optimization (TACO)
A Scalable Architecture For High-Throughput Regular-Expression Pattern Matching
Proceedings of the 33rd annual international symposium on Computer Architecture
Algorithms to accelerate multiple regular expressions matching for deep packet inspection
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient memory utilization on network processors for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Advanced algorithms for fast and scalable deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast and memory-efficient regular expression matching for deep packet inspection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Journal of Systems Architecture: the EUROMICRO Journal
A high performance NIDS using FPGA-based regular expression matching
Proceedings of the 2007 ACM symposium on Applied computing
Towards a deep-packet-filter toolkit for securing legacy resources
LISA '05 Proceedings of the 19th conference on Large Installation System Administration Conference - Volume 19
Trusted hardware: can it be trustworthy?
Proceedings of the 44th annual Design Automation Conference
Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Deep network packet filter design for reconfigurable devices
ACM Transactions on Embedded Computing Systems (TECS)
C is for circuits: capturing FPGA circuits as sequential code for portability
Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays
Design and analysis of a multipacket signature detection system
International Journal of Security and Networks
Exact multi-pattern string matching on the cell/b.e. processor
Proceedings of the 5th conference on Computing frontiers
Optimization of pattern matching circuits for regular expression on FPGA
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Scalable multigigabit pattern matching for packet inspection
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
FPGA based string matching for network processing applications
Microprocessors & Microsystems
Multilevel Pattern Matching Architecture for Network Intrusion Detection and Prevention System
ICESS '07 Proceedings of the 3rd international conference on Embedded Software and Systems
FPGA-based ROM-free network intrusion detection using shift-OR circuit
Journal of Embedded Computing - Design and Optimization for High Performance Embedded Systems
Optimized memory based accelerator for scalable pattern matching
Microprocessors & Microsystems
Hashing round-down prefixes for rapid packet classification
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Performance of FPGA implementation of bit-split architecture for intrusion detection systems
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
A computationally efficient engine for flexible intrusion detection
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Experiences with string matching on the fermi architecture
ARCS'11 Proceedings of the 24th international conference on Architecture of computing systems
PeRex: A Power Efficient FPGA-based Architecture for Regular Expression Matching
GREENCOM '11 Proceedings of the 2011 IEEE/ACM International Conference on Green Computing and Communications
A high-throughput system architecture for deep packet filtering in network intrusion prevention
ARCS'06 Proceedings of the 19th international conference on Architecture of Computing Systems
Pattern-unit based regular expression matching with reconfigurable function unit
ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
EnGarde: protecting the mobile phone from malicious NFC interactions
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Hi-index | 0.00 |
Searching for multiple string patterns in a stream of data is a computationally expensive task. The speed of the search pattern module determines the overall performance of deep packet inspection firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). For example, one open source IDS configured for 845 patterns, can sustain a throughput of only 50 Mbps running on a dual 1-GHz Pentium III system. Using such systems would not be practical for filtering high speed networks with over 1 Gbps traffic. Some of these systems are implemented with field programmable gate arrays (FPGA) so that they are fast and programmable. However, such FPGA filters tend to be too large to be mapped on to a single FPGA. By sharing the common sub-logic in the design, we can effectively shrink the footprint of the filter. Then, for a large subset of the patterns, the logic area can be further reduced by using a memory based architecture. These design methods allow our filter for 2064 attack patterns to map onto a single Xilinx Spartan 3 - XC3S2000 FPGA with a filtering rate of over 3 Gbps of network traffic.