Title :
Highly Efficient String Matching Circuit for IDS with FPGA
Author :
Katashita, Toshihiro ; Maeda, Atusi ; Toda, Kenji ; Yamaguchi, Yoshinori
Author_Institution :
Nat. Inst. of Adv. Ind. Sci. & Technol., Ibaraki
Abstract :
String matching circuits have been studied extensively for intrusion detection systems so far. An NFA-based string matching circuit, one of the works, has expandability of processing data width. However the resource requirement increases markedly, it was difficult to implement an NFA-based string matching circuit with whole the Snort 2.3.3 rule (35461 characters) that processes at 10 Gbps on a single FPGA. In this paper, the authors propose a highly efficient string matching circuit for FPGA. In our circuit, redundant AND-gates and states in the NFA are eliminated to reduce the resource requirement. Consequently, our circuit is reduced in the resources requirement by over 50% as compared with a previous NFA-based circuit, and the synthesis result shows that a string matching circuit that includes the whole Snort 2.3.3 rule can be implemented onto a single xc2vp-100-6 FPGA with throughput over 10 Gbps
Keywords :
field programmable gate arrays; logic gates; security of data; string matching; 10 Gbit/s; FPGA; IDS; NFA; Snort 2.3.3 rule; intrusion detection systems; nondeterministic finite automaton; processing data width; redundant AND-gates; string matching circuit; Circuit synthesis; Data processing; Data security; Decoding; Electronics industry; Field programmable gate arrays; Industrial electronics; Intrusion detection; Magnetic heads; Throughput;
Conference_Titel :
Field-Programmable Custom Computing Machines, 2006. FCCM '06. 14th Annual IEEE Symposium on
Conference_Location :
Napa, CA
Print_ISBN :
0-7695-2661-6
DOI :
10.1109/FCCM.2006.51
