Title :
Pre-decoded CAMs for efficient and high-speed NIDS pattern matching
Author :
Sourdis, Ioannis ; Pnevmatikatos, Dionisios
Author_Institution :
Dept. of Electron. & Comput. Eng., Crete Tech. Univ., Chania, Greece
Abstract :
In this paper we advocate the use of pre-decoding for CAM-based pattern matching. We implement an FPGA based sub-system for NIDS (Snort) pattern matching using a combination of techniques. First, we reduce the area cost of character matching using (i) character pre-decoding before they are compared in the CAM line, and (ii) efficient shift register implementation using the SRL16 Xilinx cell. Then we achieve high operating frequencies by (iii) using ne grain pipelining for faster circuits and (iv) decoupling the data distribution network from the processing components. Our results show that for matching more than 18,000 characters (the entire SNORT rule set) our implementation requires an area cost of less than 1.1 logic cells per matched character, achieving an operating frequency of about 375 MHz (3 Gbps) on a Virtex2 device. When using quad parallelism to increase the matching throughput, the area cost of a single matched character is reduced to less than one logic cell for a throughput of almost 10 Gbps.
Keywords :
content-addressable storage; decoding; field programmable gate arrays; memory architecture; security of data; shift registers; string matching; CAM based pattern matching; FPGA based subsystem; SRL16 Xilinx cell; Snort rule set; Virtex2 device; character matching; character predecoding; data distribution network; faster circuits; grain pipelining; network intrusion detection system; predecoded CAM; processing components; shift register; CADCAM; Cams; Computer aided manufacturing; Costs; Field programmable gate arrays; Frequency; Intrusion detection; Logic devices; Pattern matching; Throughput;
Conference_Titel :
Field-Programmable Custom Computing Machines, 2004. FCCM 2004. 12th Annual IEEE Symposium on
Print_ISBN :
0-7695-2230-0
DOI :
10.1109/FCCM.2004.46
