Hardware based pattern matching technique for packet inspection of high speed network

Network Intrusion Detection Systems (NIDS) detect and prevent numerous security threats in network traffic. Advanced IDS go beyond packet header and examine packet payload to detect content-based security threats. But payload scanning is intensive task in IDS, since each packet must be compared against thousands of predefined attacks at multigigabit rate. Software based IDS achieve throughput only at the rate of Mbps, whereas hardware based solutions achieve higher throughput at the rate of Gbps. In this paper we present an optimized hash based algorithm called Word Split Hash algorithm (WSHA) to compare payload against attacks. In previous hash based algorithms the elimination or detection of virus is at last stage after finding hash for the whole word but in WSHA we will do checks after finding subhash values at many stages and also in the final stage. Hence throughput is increased. Also only a bit comparison is carried out for checking purpose after finding the subhash values. So the memory space utilized will be very much reduced. This string matching algorithm can be implemented in FPGA, which can provide very fast and efficient scanning with less memory space occupied. They are designed and simulated in VHDL using Modelsim tool.