Fast and scalable pattern matching for content filtering
Proceedings of the 2005 ACM symposium on Architecture for networking and communications systems
A Sampling Method for Intrusion Detection System
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
PERG-Rx: a hardware pattern-matching engine supporting limited regular expressions
Proceedings of the ACM/SIGDA international symposium on Field programmable gate arrays
Systolic array for string matching in NIDS
AsiaCSN '07 Proceedings of the Fourth IASTED Asian Conference on Communication Systems and Networks
Reconfigurable context-free grammar based data processing hardware with error recovery
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Performance of FPGA implementation of bit-split architecture for intrusion detection systems
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Efficient pattern matching algorithm for memory architecture
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
FPGA-based cuckoo hashing for pattern matching in NIDS/NIPS
APNOMS'07 Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and services
| Hi-index | 0.00 |
Due to increasing number of network worms and virus, many computer network users are vulnerable to attacks. Unless network security systems use more advanced methods of content filtering such as deep packet inspection, the problem will get worse. However, searching for patterns at multiple offsets in entire content of network packet requires more processing power than most general purpose processor can provide. Thus, researchers have developed high performance parallel deep packet filters for reconfigurable devices. Although some reconfigurable systems can be generated automatically from pattern database, obtaining high performance result from each subsequent reconfiguration can be a time consuming process. We present a novel architecture for programmable parallel pattern matching coprocessor. By combining a scalable co-processor with the compact reconfigurable filter, we produce a hybrid system that is able to update the rules immediate during the time the new filter is being compiled. We mapped our hybrid filter for the latest Snort rule set on January 13, 2005, containing 2,044 unique patterns byte make up 32,384 bytes, onto a single Xilinx Virtex 4LX - XC4VLX15 FPGA with a filtering rate of 2 Gbps.