A signature match processor architecture for network intrusion detection

Author

Singaraju, Janardhan ; Bu, Long ; Chandy, John A.

Author_Institution

Connecticut Univ., Storrs, CT, USA

fYear

2005

fDate

18-20 April 2005

Firstpage

235

Lastpage

242

Abstract

In this paper, we introduce a novel architecture for a hardware based network intrusion detection system (NIDS). NIDSs are becoming critical components of the network infrastructure as they serve as a key line of defense in network protection. However, current methods are much too compute intensive and cannot begin to meet the bandwidth requirements of a moderate sized corporate network. Thus, hardware techniques are desired to speed up network processing. This paper introduces a FPGA based signature match processor that can serve as the core of a hardware based NIDS. The signature match processor´s key feature is a CAM-based cellular processor architecture that can match strings in an area efficient manner. Using a unique binary tree structure, we are also able to generate priority encoded addresses corresponding to multiple signature matches.

Keywords

computer networks; content-addressable storage; digital signatures; field programmable gate arrays; string matching; telecommunication security; tree data structures; CAM-based cellular processor architecture; FPGA; binary tree structure; corporate network; network intrusion detection system; network processing; signature match processor architecture; Cams; Computer architecture; Computer networks; Field programmable gate arrays; Hardware; Intrusion detection; Open source software; Protection; Table lookup; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Field-Programmable Custom Computing Machines, 2005. FCCM 2005. 13th Annual IEEE Symposium on

Print_ISBN

0-7695-2445-1

Type

conf

DOI

10.1109/FCCM.2005.11

Filename

1508543