A system architecture for high-speed deep packet inspection in signature-based network intrusion prevention

Authors:
Sunil Kim;Jun-yong Lee
Affiliations:
School of Information and Computer Engineering, Hongik University, 72-1 Sangsu-Dong, Mapo-Gu, Seoul, Republic of Korea;School of Information and Computer Engineering, Hongik University, 72-1 Sangsu-Dong, Mapo-Gu, Seoul, Republic of Korea
Venue:
Journal of Systems Architecture: the EUROMICRO Journal
Year:
2007

Citing 11
Cited 4

A new approach to text searching

SIGIR '89 Proceedings of the 12th annual international ACM SIGIR conference on Research and development in information retrieval
Efficient string matching: an aid to bibliographic search

Communications of the ACM
Granidt: Towards Gigabit Rate Network Intrusion Detection Technology

FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Assisting Network Intrusion Detection with Reconfigurable Hardware

FCCM '02 Proceedings of the 10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Generating realistic workloads for network intrusion detection systems

WOSP '04 Proceedings of the 4th international workshop on Software and performance
A fast string-matching algorithm for network processor-based intrusion detection system

ACM Transactions on Embedded Computing Systems (TECS)
Intrusion Prevention System Design

CIT '04 Proceedings of the The Fourth International Conference on Computer and Information Technology
Deep Packet Filter with Dedicated Logic and Read Only Memories

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
A High Throughput String Matching Architecture for Intrusion Detection and Prevention

Proceedings of the 32nd annual international symposium on Computer Architecture

MultiLayer processing - an execution model for parallel stateful packet processing

Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Deep packet inspection and bandwidth management: Battles over BitTorrent in Canada and the United States

Telecommunications Policy
A pipelined processor architecture for regular expression string matching

Microprocessors & Microsystems
Scalable high-performance parallel design for network intrusion detection systems on many-core processors

ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Pattern matching is one of critical parts of Network Intrusion Prevention Systems (NIPS). Pattern matching hardware for NIPS should find a matching pattern at wire speed. However, that alone is not good enough. First, pattern matching hardware should be able to generate sufficient pattern match information including the pattern index number and the location of the match found at wire speed. Second, it should support pattern grouping to reduce unnecessary pattern matches. Third, it should guarantee worst-case performance even if the number of patterns is increased. Finally it should be able to update patterns in a few minutes or seconds without stopping its operations. We propose a system architecture to meet the above requirements. Using Xilinx FPGA simulation, we show that the new system scales well to achieve a high speed over 10Gbps and satisfies all of the above requirements.