FPGA-based SoC for real-time network intrusion detection using counting bloom filters

Computers face an ever increasing number of threats from hackers, viruses and other malware; effective Network Intrusion Detection (NID) before a threat affects end-user machines is critical for both financial and national security. As the number of threats and network speeds increase (over 1 gigabit/sec), users of conventional software based NID methods must choose between protection or higher data rates. To address this shortcoming, we have designed a hardware-based NID system-on-a-chip using data structures called Counting Bloom Filters (CBFs). Our design has extremely high throughput (up to 3.3 gigabits/sec) and can successfully detect and mitigate known threats, and is, to our knowledge, the only known CBF based NID system-on-a-chip to be implemented on a Virtex 4 FPGA. In this project, we present the first optimized, Counting Bloom Filter based Network Intrusion Detection FPGA SoC (system-on-chip) implemented on a Virtex 4 FPGA: our design is scalable through further parallelization and, to our knowledge, is one of the highest throughput NID systems in existence.