Title :
A pattern matching coprocessor for deep and large signature set in network security system
Author :
Wu, Chih-Chiang ; Wen, Sung-Hua ; Huang, Nen-Fu ; Kao, Chia-Nan
Author_Institution :
Comput. & Commun. Res. Center, Nat. Tsing Hua Univ., Hsinchu, Taiwan
fDate :
28 Nov.-2 Dec. 2005
Abstract :
As the network is growing fast and the viruses are spreading around the network more frequently, network intrusion prevention system (NIPS) is becoming more and more important. The traditional way for intrusion prevention is done by pure software solution with high performance CPU. However, this method is out of date, when gigabit network is booming and the high performance throughput is required. In recent years, the programmable hardware solutions have been proposed but they cannot deal with deep and large amount of pattern matching and are lack of flexibility when signatures are growing up. In this paper, we propose a novel pattern-matching coprocessor that overcomes the difficulties in TCAM implementation when pattern length is deep and signature set is large. Since patterns are all stored in TCAM, it is a scalable and flexible system.
Keywords :
computer networks; coprocessors; pattern matching; security of data; telecommunication security; gigabit network; network intrusion prevention system; network security system; pattern matching coprocessor; programmable hardware solutions; signature set; ternary content addressable memory; Communication system security; Computer viruses; Coprocessors; Field programmable gate arrays; Hardware; Intelligent networks; Intrusion detection; National security; Pattern matching; Throughput;
Conference_Titel :
Global Telecommunications Conference, 2005. GLOBECOM '05. IEEE
Print_ISBN :
0-7803-9414-3
DOI :
10.1109/GLOCOM.2005.1577957
