FPGA based network intrusion detection using content addressable memories

Author

Bu, Long ; Chandy, John A.

Author_Institution

Connecticut Univ., Storrs, CT, USA

fYear

2004

fDate

20-23 April 2004

Firstpage

316

Lastpage

317

Abstract

In this paper, we introduce a novel architecture for a hardware based network intrusion detection system (NIDS). Current software-based NIDS are too compute intensive and cannot meet the bandwidth requirements of a modern network. Thus, hardware techniques are desired to speed up network processing. This paper introduces a FPGA based keyword match processor that can serve as the core of a hardware based NIDS. The keyword match processor´s key feature is a cellular processor architecture that allows content addressable memory (CAM) to process variable sized keys. These CAMs allow us to perform intrusion detection signature lookup at line speed at rates well past 2 Gbps.

Keywords

computer networks; content-addressable storage; field programmable gate arrays; memory architecture; security of data; FPGA based keyword match processor; FPGA based network intrusion detection; cellular processor architecture; content addressable memories; hardware based network intrusion detection system; intrusion detection signature lookups; network processing; software based network intrusion detection system; Associative memory; CADCAM; Clocks; Computer aided manufacturing; Computer architecture; Dictionaries; Field programmable gate arrays; Hardware; Intrusion detection; Logic arrays;

fLanguage

English

Publisher

ieee

Conference_Titel

Field-Programmable Custom Computing Machines, 2004. FCCM 2004. 12th Annual IEEE Symposium on

Print_ISBN

0-7695-2230-0

Type

conf

DOI

10.1109/FCCM.2004.35

Filename

1364656