A high performance NIDS using FPGA-based regular expression matching

Authors:
Janghaeng Lee;Sung Ho Hwang;Neungsoo Park;Seong-Won Lee;Sunglk Jun;Young Soo Kim
Affiliations:
Konkuk University, Seoul, Korea;Konkuk University, Seoul, Korea;Konkuk University, Seoul, Korea;Kwangwoon University, Seoul, Korea;ETRI, Daejeon, Korea;ETRI, Daejeon, Korea
Venue:
Proceedings of the 2007 ACM symposium on Applied computing
Year:
2007

Citing 5
Cited 5

Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Deep Packet Filter with Dedicated Logic and Read Only Memories

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Scalable Pattern Matching for High Speed Networks

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Pre-Decoded CAMs for Efficient and High-Speed NIDS Pattern Matching

FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Fast Regular Expression Matching Using FPGAs

FCCM '01 Proceedings of the the 9th Annual IEEE Symposium on Field-Programmable Custom Computing Machines

High-performance regular expression scanning on the Cell/B.E. processor

Proceedings of the 23rd international conference on Supercomputing
MIDeA: a multi-parallel intrusion detection architecture

Proceedings of the 18th ACM conference on Computer and communications security
Kargus: a highly-scalable software-based intrusion detection system

Proceedings of the 2012 ACM conference on Computer and communications security
New opportunities for load balancing in network-wide intrusion detection systems

Proceedings of the 8th international conference on Emerging networking experiments and technologies
Scalable high-performance parallel design for network intrusion detection systems on many-core processors

ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

A Network Intrusion Detection System (NIDS) monitors all incoming packets in the network and detects packets that are malicious to the internal system. The NIDS should also have ability to update the detection rules because new attack patterns are unpredictable. Incorporating FPGAs into the NIDS is one of the best solutions that can provide both high performance and high flexibility comparing to the other approaches such as software solutions. In this paper we propose a novel approach to design the parallel comparator of NIDS that can not only minimize additional resources but also maximize the processing performance. The performance and resource tradeoff due to the implementation of the parallel comparator in the prefix sharing is also analyzed.