Title :
A pattern-matching co-processor for network intrusion detection systems
Author :
Clark, Christopher R. ; Schimmel, David E.
Author_Institution :
Sch. of Electr. & Comput. Eng., Georgia Inst. of Technol., Atlanta, GA, USA
Abstract :
This paper explores the design and analysis of an FPGA module that implements pattern-matching functionality for the network intrusion detection problem. The specific features of the pattern-matcher include support for complex regular expressions and approximate matching with bounded substitutions, insertions, and deletions. A module generator is presented that utilizes non-deterministic finite automata to dynamically create efficient circuits for matching patterns specified with a standard rule language. The logic complexity and performance of the generated circuits are measured and analyzed. Results indicate our techniques yield circuits that are more than twice as dense as other reported designs, while maintaining the throughput necessary for processing at gigabit line speeds and beyond. The FPGA pattern-matching processor is integrated with other hardware and software components to form a complete network intrusion detection system.
Keywords :
coprocessors; field programmable gate arrays; finite automata; logic circuits; pattern matching; safety systems; FPGA module; FPGA pattern matching coprocessor; approximate matching; bounded deletions; bounded insertions; bounded substitutions; complex regular expressions; gigabit line speeds; logic complexity; module generator; network intrusion detection systems; nondeterministic finite automata; standard rule language; Automata; Coprocessors; Field programmable gate arrays; Integrated circuit measurements; Integrated circuit yield; Intrusion detection; Logic circuits; Pattern analysis; Pattern matching; Performance analysis;
Conference_Title :
Field-Programmable Technology (FPT), 2003. Proceedings. 2003 IEEE International Conference on
Print_ISBN :
0-7803-8320-6
DOI :
10.1109/FPT.2003.1275733