Faster IP lookups using controlled prefix expansion
SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
High-speed policy-based packet forwarding using efficient multi-dimensional range matching
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Scalable packet classification
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Assisting Network Intrusion Detection with Reconfigurable Hardware
FCCM '02 Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Efficient Mapping of Range Classifier into Ternary-CAM
HOTI '02 Proceedings of the 10th Symposium on High Performance Interconnects HOT Interconnects
Packet Classification Using Extended TCAMs
ICNP '03 Proceedings of the 11th IEEE International Conference on Network Protocols
Time and area efficient pattern matching on FPGAs
FPGA '04 Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays
Deep Packet Filter with Dedicated Logic and Read Only Memories
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A Methodology for Synthesis of Efficient Intrusion Detection Systems on FPGAs
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Efficient multi-match packet classification with TCAM
HOTI '04 Proceedings of the High Performance Interconnects, 2004. on Proceedings. 12th Annual IEEE Symposium
Scalable IP lookup for Internet routers
IEEE Journal on Selected Areas in Communications
Fast and scalable packet classification
IEEE Journal on Selected Areas in Communications
SSA: a power and memory efficient scheme to multi-match packet classification
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
Packet pre-filtering for network intrusion detection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
The shunt: an FPGA-based accelerator for network intrusion prevention
Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays
Implementing high-speed string matching hardware for network intrusion detection systems
Proceedings of the 16th international ACM/SIGDA symposium on Field programmable gate arrays
Swift: a fast dynamic packet filter
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Proceedings of the conference on Design, automation and test in Europe
Fast and scalable packet classification using perfect hash functions
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
Large-scale wire-speed packet classification on FPGAs
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
Fast and scalable packet classification using perfect hash functions
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
Field-split parallel architecture for high performance multi-match packet classification using FPGAs
Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures
High-speed string matching for network intrusion detection
International Journal of Communication Networks and Distributed Systems
LOP: a novel SRAM-based architecture for low power and high throughput packet classification
CODES+ISSS '09 Proceedings of the 7th IEEE/ACM international conference on Hardware/software codesign and system synthesis
An efficient network intrusion detection
Computer Communications
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Energy-efficient multi-pipeline architecture for terabit packet classification
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
A DSL for intrusion detection based on constraint programming
Proceedings of the 3rd international conference on Security of information and networks
Hashing round-down prefixes for rapid packet classification
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Reconfigurable context-free grammar based data processing hardware with error recovery
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Parallel packet classification using GPU co-processors
SAICSIT '10 Proceedings of the 2010 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists
Massively parallel acceleration of a document-similarity classifier to detect web attacks
Journal of Parallel and Distributed Computing
Building lightweight intrusion detection system based on random forest
ISNN'06 Proceedings of the Third international conference on Advances in Neural Networks - Volume Part III
Deep packet inspection tools and techniques in commodity platforms: Challenges and trends
Journal of Network and Computer Applications
CaptureFoundry: a GPU accelerated packet capture analysis tool
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
Scalable packet classification on FPGA
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Journal of Network and Computer Applications
| Hi-index | 0.00 |
Using FPGA technology for real-time network intrusion detection has gained many research efforts recently. In this paper, a novel packet classification architecture called BV-TCAM is presented, which is implemented for an FPGA-based Network Intrusion Detection System (NIDS). The classifier can report multiple matches at gigabit per second network link rates. The BV-TCAM architecture combines the Ternary Content Addressable Memory (TCAM) and the Bit Vector (BV) algorithm to effectively compress the data representations and boost throughput. A tree-bitmap implementation of the BV algorithm is used for source and destination port lookup while a TCAM performs the lookup of the other header fields, which can be represented as a prefix or exact value. The architecture eliminates the requirement for prefix expansion of port ranges. With the aid of a small embedded TCAM, packet classification can be implemented in a relatively small part of the available logic of an FPGA. The design is prototyped and evaluated in a Xilinx FPGA XCV2000E on the FPX platform. Even with the most difficult set of rules and packet inputs, the circuit is fast enough to sustain OC48 traffic throughput. Using larger and faster FPGAs, the system can work at speeds greater than OC192.