Title :
Efficient Long Signature Matching for Gigabit Intrusion Detection Sensors
Author :
Zhang, Kenong ; Gao, Ming ; Lu, Jiahua ; Guan, Xiaohong
Author_Institution :
Sch. of Electr. Eng., Xi´´an Jiaotong Univ.
Abstract :
Network intrusion detection systems (NIDS) require the sensors to inspect the packet payloads at line rates. However, the software-only NIDS can not handle the large signature set with thousands of patterns of different lengths at line rates. Ternary content-addressable memories (TCAMs) have gained wide acceptance in the industry for storing and searching patterns in routers. But one important problem blocked the way to deploy TCAMs as deep package matching engines for NIDS: long patterns matching. A novel high speed long patterns matching architecture using cascade TCAMs for large signature set based NIDS is presented in this paper. Simple and efficient systems to handle tens of thousands of signatures with thousands of bytes length each can be built on such architecture. The matching system using for current SNORT signature set can work at the speeds greater than 2 Gbps
Keywords :
computer networks; content-addressable storage; pattern matching; security of data; SNORT signature set; cascade TCAM; deep package matching engines; gigabit intrusion detection sensors; high speed long pattern matching architecture; line rates; long signature matching; network intrusion detection systems; packet payloads; software-only NIDS; ternary content-addressable memories; Engines; Ethernet networks; Field programmable gate arrays; Intrusion detection; Pattern matching; Payloads; Sensor systems; Software performance; Systems engineering and theory; TCPIP;
Conference_Titel :
Networking, Sensing and Control, 2006. ICNSC '06. Proceedings of the 2006 IEEE International Conference on
Conference_Location :
Ft. Lauderdale, FL
Print_ISBN :
1-4244-0065-1
DOI :
10.1109/ICNSC.2006.1673277
