Title :
A methodology for synthesis of efficient intrusion detection systems on FPGAs
Author :
Baker, Zachary K. ; Prasanna, Viktor K.
Author_Institution :
Univ. of Southern California, Los Angeles, CA, USA
Abstract :
Intrusion detection for network security is a computation intensive application demanding high system performance. System level design, a relatively unexplored field in this area, allows more efficient communication and extensive reuse of hardware components for dramatic increases in area-time performance. By applying optimization strategies to the entire database, we reduce hardware requirements compared to architectures designed with single pattern matchers in mind. We present a methodology for system-wide integration of graph-based partitioning of large intrusion detection pattern databases. Integrating ruleset-based graph creation and min-cut partitioning, our methodology allows efficient multi-byte comparisons and partial matches for high performance FPGA-based network security. Through pre-processing, this methodology yields designs with competitive clock frequencies that are a minimum of 8x more area efficient than previous non-predecoded shift-and-compare architectures.
Keywords :
field programmable gate arrays; graph theory; hardware description languages; optimisation; telecommunication security; FPGA; graph based partitioning; intrusion detection systems; min-cut partitioning; multibyte comparisons; network security; nonpredecoded architecture; optimization; pattern matchers; ruleset based graph creation; shift and compare architecture; system level design; system wide integration; Communication system security; Computer applications; Computer networks; Data security; Databases; Field programmable gate arrays; Hardware; High performance computing; Intrusion detection; Network synthesis;
Conference_Titel :
Field-Programmable Custom Computing Machines, 2004. FCCM 2004. 12th Annual IEEE Symposium on
Print_ISBN :
0-7695-2230-0
DOI :
10.1109/FCCM.2004.6
