Abstract

Network intrusion detection systems (NIDSs) monitor Internet Protocol (IP) traffic to detect anomalous and malicious activities on a network. Despite the plethora of studies in this field, hardware-based string matching engines that can accommodate the advancements in optical networking technology are still in high demand. Furthermore, memory-efficient data structures to store intrusion patterns have recently received a great deal of research attention. In this paper, we introduce a tree-based pattern matching (TPM) scheme that comprises a forest of Binary Search Tree (BST) data structures and an accommodating high-throughput multi-pipelined architecture for scalable string matching on hardware. To improve the resource efficiency in hardware implementations, we enhance the TPM scheme (extended-TPM) with two novel tree structures, namely BST-epsilon (BST∊) and hierarchical BST (H-BST). Our entire design accomplishes a memory efficiency of 1.07 bytes/char for the latest Snort dictionary. Utilizing a state-of-the-art Field Programmable Gate Array (FPGA), the TPM architecture can sustain a throughput of 2.7 Gbps.
