Sciweavers

Share
AINA
2008
IEEE

Improved TCAM-Based Pre-Filtering for Network Intrusion Detection Systems

8 years 11 months ago
Improved TCAM-Based Pre-Filtering for Network Intrusion Detection Systems
—With the increasing growth of the Internet, the explosion of attacks and viruses significantly affects the network security. Network Intrusion Detection System (NIDS) is developed to identify these network attacks by a set of rules. However, searching for multiple patterns is a computationally expensive task in NIDS. Traditional software-based solutions can not meet the high bandwidth demanded in current high-speed networks. In the past, the pre-filtering designed for NIDS is an effective technique that can reduce the processing overhead significantly. A FNPlike TCAM searching engine (FTSE) [5][6] is an example that uses an 2-stage architecture to detect whether an incoming string contains patterns. In this paper, we propose two techniques to improve the performance of FTSE that utilizes ternary content addressable memory (TCAM) as pre-filter to achieve gigabit performance. The first technique performs the w-byte suffix pattern match instead of using w-byte prefix. The second techni...
Yeim-Kuan Chang, Ming-Li Tsai, Cheng-Chien Su
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2008
Where AINA
Authors Yeim-Kuan Chang, Ming-Li Tsai, Cheng-Chien Su
Comments (0)
books