Title :
A pattern matching co-processor for network security
Author :
Cho, Young H. ; Mangione-Smith, William H.
Author_Institution :
Dept. of Electr. Eng., California Univ., Los Angeles, CA, USA
Abstract :
It has been estimated that computer network worms and virus caused the loss of over $55B in 2003. Network security system use techniques such as deep packet inspection to detect the harmful packets. While software intrusion detection system running on general purpose processors can be updated in response to new attacks. They lack the processing power to monitor gigabit networks. We present a high performance pattern matching co-processor architecture that can be used to monitor and identify a large number of intrusion signature. The design consists of a bank of pattern matchers that are used to implement a highly concurrent filter. The pattern matchers can be programmed to match multiple patterns of various lengths, and are able to leverage the existing databases of threat signatures. We have been able to program the filters to match all the payload patterns defined in the widely used Snort network intrusion detection system at a rate above 7 Gbps, with memory space left to accommodate threat signatures that become available in the future.
Keywords :
computer viruses; coprocessors; integrated circuit design; pattern matching; programmable circuits; security of data; 7 Gbit/s; Snort network intrusion detection system; computer network virus; computer network worms; deep packet inspection; general purpose processors; gigabit networks monitoring; intrusion signature; network security system; pattern matching coprocessor architecture; processing power; software intrusion detection system; Computer networks; Computer worms; Coprocessors; Inspection; Intrusion detection; Matched filters; Monitoring; Pattern matching; Power system security; Software systems;
Conference_Titel :
Design Automation Conference, 2005. Proceedings. 42nd
Print_ISBN :
1-59593-058-2
DOI :
10.1109/DAC.2005.193807
