• DocumentCode
    2896905
  • Title

    A Common On-board Hardware Architecture for Intrusion Detection System

  • Author

    Kong, Chao ; Yang, Bo ; Jia, Zhiping ; Chen, Zhenxiang

  • Author_Institution
    Sch. of Comput. Sci. & Technol., Shandong Univ., Jinan, China
  • Volume
    2
  • fYear
    2009
  • fDate
    18-20 Nov. 2009
  • Firstpage
    386
  • Lastpage
    389
  • Abstract
    An intrusion detection system (IDS) implements pattern matching approach on the network traffic to find the malicious packets carrying attack signatures. In this paper, a common field programmable gate array (FPGA) based on-board hardware architecture which is compatible with both ordinary string and perl compatible regular expression (PCRE) pattern matching is proposed to accelerate IDS. Furthermore, a flexible storage structure which is suitable for many general hardware matching algorithms and an optimized combinational logic circuit structure for PCRE matching are designed. With the synchronization of a connection decoder, ordinary string matching module coordinates with PCRE matching module to implement string-PCRE mixed rule.
  • Keywords
    combinational circuits; computer network security; decoding; field programmable gate arrays; string matching; synchronisation; telecommunication traffic; PCRE matching module; attack signatures; connection decoder; field programmable gate array; flexible storage structure; general hardware matching algorithms; intrusion detection system; malicious packets; network traffic; on-board hardware architecture; optimized combinational logic circuit structure; ordinary string matching module; perl compatible regular expression pattern matching; string-PCRE mixed rule; synchronization; Acceleration; Algorithm design and analysis; Combinational circuits; Design optimization; Field programmable gate arrays; Hardware; Intrusion detection; Pattern matching; Programmable logic arrays; Telecommunication traffic; FPGA; IDS; PCRE; pattern matching;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
  • Conference_Location
    Hubei
  • Print_ISBN
    978-0-7695-3843-3
  • Electronic_ISBN
    978-1-4244-5068-8
  • Type

    conf

  • DOI
    10.1109/MINES.2009.66
  • Filename
    5368267
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2896905