Title :
Bitwise optimised CAM for network intrusion detection systems
Author :
Yusuf, Sherif ; Luk, Wayne
Author_Institution :
Dept. of Comput., Imperial Coll. London, UK
Abstract :
String pattern matching is a computationally expensive task, and when implemented in hardware, it can consume a large amount of resources for processing and storage. This paper presents a novel technique, based on a tree-based content addressable memory structure, for a pattern matching engine for use in a hardware-based network intrusion detection system. This technique involves hardware sharing at bit level in order to exploit powerful logic optimisations for multiple strings represented as a boolean expression. Our approach has been used to implement the entire SNORT rule set with around 12% of the area on a Xilinx XC2V8000 FPGA. The design can run at a rate of approximately 2.5 Gigabits per second, and is approximately 30% smaller in area when compared with published results. The performance of our design can be improved further by having multiple designs operating in parallel.
Keywords :
content-addressable storage; field programmable gate arrays; optimisation; pattern matching; security of data; SNORT rule set; Xilinx XC2V8000 FPGA; bitwise optimised CAM; boolean expression; hardware sharing; logic optimisations; network intrusion detection systems; string pattern matching; tree-based content addressable memory structure; Binary decision diagrams; Boolean functions; CADCAM; Computer aided manufacturing; Engines; Hardware; Information security; Intrusion detection; Pattern matching; Payloads;
Conference_Title :
Field Programmable Logic and Applications, 2005. International Conference on
Print_ISBN :
0-7803-9362-7
DOI :
10.1109/FPL.2005.1515762