Sciweavers

Share
ANCS
2005
ACM

High-throughput linked-pattern matching for intrusion detection systems

11 years 7 months ago
High-throughput linked-pattern matching for intrusion detection systems
This paper presents a hardware architecture for highly efficient intrusion detection systems. In addition, a software tool for automatically generating the hardware is presented. Intrusion detection for network security is a compute-intensive application demanding high system performance. By moving both the string matching and the linking of multi-part rules to hardware, our architecture leaves the host system free for higher-level analysis. The tool automates the creation of efficient Field Programmable Gate Array architectures (FPGA). The generated hardware allows an FPGAbased system to perform deep-packet inspection of streams at up to 10 Gb/s line rates at a high level of area efficiency. Going beyond previous basic string-matching implementations that offer only single-string matching, the architecture provides support for rules requiring complex, linked (correlated-content) constructions. This allows most Snort content-linking extensions including ‘distance’ and ‘within...
Zachary K. Baker, Viktor K. Prasanna
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where ANCS
Authors Zachary K. Baker, Viktor K. Prasanna
Comments (0)
books