Abstract
This paper presents a hardware architecture for highly efficient intrusion detection systems. In addition, a software tool for automatically generating the hardware is presented. Intrusion detection for network security is a compute-intensive application demanding high system performance. By moving both the string matching and the linking of multi-part rules to hardware, our architecture leaves the host system free for higher-level analysis. The tool automates the creation of efficient field programmable gate array architectures (FPGA). The generated hardware allows an FPGA-based system to perform deep-packet inspection of streams at up to 10 Gb/s line rates at a high level of area efficiency. Going beyond previous basic string-matching implementations that offer only single-string matching, the architecture provides support for rules requiring complex, linked (correlated-content) constructions. This allows most Snort content-linking extensions including 'distance' and 'within' bounding restrictions.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
