DocumentCode :
2581197
Title :
Assisting network intrusion detection with reconfigurable hardware
Author :
Hutchings, B.L. ; Franklin, R. ; Carver, D.
Author_Institution :
Dept. of Electr. & Comput. Eng., Brigham Young Univ., Provo, UT, USA
fYear :
2002
fDate :
2002
Firstpage :
111
Lastpage :
120
Abstract :
String matching is used by Network Intrusion Detection Systems (NIDS) to inspect incoming packet payloads for hostile data. String-matching speed is often the main factor limiting NIDS performance. String-matching performance can be dramatically improved by using Field-Programmable Gate Arrays (FPGAs); accordingly, a "regular-expression to FPGA circuit" module generator has been developed. The module generator extracts strings from the Snort NIDS rule-set, generates a regular expression that matches all extracted strings, synthesizes an FPGA-based string-matching circuit, and generates an EDIF netlist that can be processed by Xilinx software to create an FPGA bitstream. The feasibility of this approach is demonstrated by comparing the performance of the FPGA-based string matcher against the software-based GNU regex program. The FPGA-based string matcher exceeds the performance of the software-based system by 600x for large patterns.
Keywords :
compiler generators; computer network management; field programmable gate arrays; reconfigurable architectures; string matching; EDIF netlist; Xilinx software; field-programmable gate arrays; module generator; network intrusion detection; packet payloads; reconfigurable hardware; software-based GNU regex program; string matching; Automatic test pattern generation; Circuits; Databases; Field programmable gate arrays; Hardware; Intrusion detection; Java; Pattern matching; Payloads; Test pattern generators;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Field-Programmable Custom Computing Machines, 2002. Proceedings. 10th Annual IEEE Symposium on
Print_ISBN :
0-7695-1801-X
Type :
conf
DOI :
10.1109/FPGA.2002.1106666
Filename :
1106666