Title :
High-throughput linked-pattern matching for intrusion detection systems
Author :
Baker, Z.K. ; Prasanna, V.K.
Author_Institution :
Univ. of Southern California, Los Angeles, CA
Abstract :
This paper presents a hardware architecture for highly efficient intrusion detection systems. In addition, a software tool for automatically generating the hardware is presented. Intrusion detection for network security is a compute-intensive application demanding high system performance. By moving both the string matching and the linking of multi-part rules to hardware, our architecture leaves the host system free for higher-level analysis. The tool automates the creation of efficient field programmable gate array architectures (FPGA). The generated hardware allows an FPGA-based system to perform deep-packet inspection of streams at up to 10 Gb/s line rates at a high level of area efficiency. Going beyond previous basic string-matching implementations that offer only single-string matching, the architecture provides support for rules requiring complex, linked (correlated-content) constructions. This allows most Snort content-linking extensions including ´distance´ and ´within´ bounding restrictions.
Keywords :
field programmable gate arrays; logic CAD; security of data; string matching; FPGA; Snort content-linking extensions; field programmable gate array architectures; hardware architecture; high-throughput linked-pattern matching; intrusion detection system; network security; software tool; string matching; Application software; Computer applications; Computer architecture; Computer networks; Field programmable gate arrays; Hardware; High performance computing; Intrusion detection; Software tools; System performance; network intrusion detection; string matching;
Conference_Titel :
Architecture for networking and communications systems, 2005. ANCS 2005. Symposium on
Conference_Location :
Princeton, NJ
Print_ISBN :
978-1-59593-082-8
